Java aop 实战 Token鉴权

自定义注解

Authorization.java

package cn.zdfy.blogsystem.authorization.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * 在Controller的方法上使用此注解,该方法在映射时会检查用户鉴权
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Authorization {
}

创建aop拦截

package cn.zdfy.blogsystem.authorization.handler;

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;

import javax.servlet.http.HttpServletRequest;

import cn.zdfy.blogsystem.authorization.annotation.Authorization;
import cn.zdfy.blogsystem.config.ResultStatus;
import cn.zdfy.blogsystem.model.ResultModel;

@Aspect
@Component
public class AuthHandle {
    @Pointcut(value = "execution(public * cn.zdfy.blogsystem.controller..*.*(..))")
    public void start() {

    }

    @Around("start()")
    public ResponseEntity access(ProceedingJoinPoint joinPoint) {
        MethodSignature joinPointObject = (MethodSignature) joinPoint.getSignature();
        //获得请求的方法 
        Method method = joinPointObject.getMethod();
        if (hasAnnotationOnMethod(method, Authorization.class)) {
            String token = (String) getParams("token");
            System.out.println("token ====================== " + token);
            if (token.equals("123456")) {
                System.out.println("token is ok");
            } else {
                return new ResponseEntity<>(ResultModel.error(ResultStatus.TOKEN_ERROR), HttpStatus.OK);
            }
        }
        ResponseEntity obj = null;
        try {
            obj = (ResponseEntity) joinPoint.proceed();
        } catch (Throwable throwable) {
            throwable.printStackTrace();
        }
        return obj;
    }

    /**
     * 获取参数
     *
     * @param key
     * @return
     */
    private Object getParams(String key) {
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
        HttpServletRequest request = servletRequestAttributes.getRequest();
        return request.getParameter(key);
    }

    /**
     * 判断某方法上是否含有某注解
     *
     * @param method
     * @param annotationClazz
     * @return
     */
    private boolean hasAnnotationOnMethod(Method method, Class annotationClazz) {
        //使用反射获取注解信息
        Annotation a = method.getAnnotation(annotationClazz);
        if (a == null) {
            return false;
        }
        return true;
    }
}

这里token check简单做个字符串比较说明一下 问题

看一下测试结果

token 正确的
Java aop 实战 Token鉴权_第1张图片
token 错误的
Java aop 实战 Token鉴权_第2张图片

总结 使用aop可以帮我有效节约 大部分冗余代码 岂不是美滋滋

你可能感兴趣的:(Java,Spring,疑难杂症)