定义注解:
package app;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
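/**
 * Declares the privilege a caller must hold before an action method may be invoked.
 *
 * <p>Retention is RUNTIME because the check reads the annotation reflectively at call time.
 * The target is restricted to methods: the annotation is only ever looked up on a
 * {@code Method}, so placing it on a class or field would be silently ignored and leave the
 * member unprotected. With {@code @Target(METHOD)} that mistake becomes a compile error.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface PrivilegeAnnotation {
    /** Module the protected operation belongs to (for example {@code "student"}). */
    String model();

    /**
     * Name of the privilege required within the module (for example {@code "add"}).
     * The identifier keeps its original spelling because callers reference it by name.
     */
    String pivilegeValue();
}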
使用注解:
/**
 * Sample action class whose methods are dispatched by name through PrivilegeManager.
 *
 * <p>Methods carrying {@code @PrivilegeAnnotation} require the matching privilege.
 * A method without the annotation is invoked for every caller, so any method added
 * here without an annotation is open to all users.
 */
public class StudentAction {

    /** "add" operation of the student module; requires the student/add privilege. */
    @PrivilegeAnnotation(model = "student", pivilegeValue = "add")
    public void add() {
        System.out.println("add student......");
    }

    /** "update" operation of the student module; requires the student/update privilege. */
    @PrivilegeAnnotation(model = "student", pivilegeValue = "update")
    public void update() {
        System.out.println("update student.......");
    }

    /** "delete" operation of the student module; requires the student/delete privilege. */
    @PrivilegeAnnotation(model = "student", pivilegeValue = "delete")
    public void delete() {
        System.out.println("delete ...............");
    }

    /** Read-only query; deliberately left unannotated so that every user may call it. */
    public void select() {
        System.out.println("select...............");
    }
}
创建一个Privilege类,存放用户访问信息
// One (user, module, privilege) grant. PrivilegeManager.validate builds an instance with the
// no-arg constructor and setters, and PrivilegeService builds instances with a three-argument
// constructor; neither constructor is shown in this listing.
// NOTE(review): validate() decides access with list.contains(privilege), which calls equals().
// The elided part must therefore override equals() and hashCode() over all three fields
// (the printed output, where "jack" is denied "add", implies uname is compared). With the
// default Object.equals, contains() would never match and every annotated call would be denied.
public class Privilege {
private String uname; // user name
private String model; // module
private String privilegeValue; // privilege name
..... get set 方法
}
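/**
 * Hard-coded privilege store used by the demo; a real system would load grants from a
 * database or directory.
 */
public class PrivilegeService {

    /**
     * Returns every privilege granted to the given user.
     *
     * <p>The original fallback branch handed the grants of user "andy" to any non-admin
     * name. Access was still denied for other users only because the caller compares the
     * user name as part of Privilege equality; a consumer that matched on module and
     * privilege alone would have granted "add" to everyone. Unknown or null users now get
     * an empty list, so the result is deny-by-default regardless of how it is compared.
     *
     * @param uname user name to look up; may be null
     * @return the user's grants, never null; empty when the user is unknown
     */
    public static ArrayList<Privilege> getPrivilege(String uname) {
        ArrayList<Privilege> granted = new ArrayList<Privilege>();
        if ("admin".equals(uname)) {
            granted.add(new Privilege("admin", "student", "add"));
            granted.add(new Privilege("admin", "student", "update"));
            granted.add(new Privilege("admin", "student", "delete"));
        } else if ("andy".equals(uname)) {
            granted.add(new Privilege("andy", "student", "add"));
        }
        return granted;
    }
}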
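/**
 * Performs privilege checks before dispatching a call to a StudentAction method by name.
 *
 * <p>Security notes for readers adapting this sample:
 * <ul>
 *   <li>Methods without {@code @PrivilegeAnnotation} are invoked for every user. The model
 *       is allow-by-default, so a method added without an annotation is unprotected.</li>
 *   <li>{@code getDeclaredMethod} also resolves non-public methods declared on the action
 *       class. {@code doMethod} is called here but is not part of this listing; it should
 *       not call {@code setAccessible(true)}, otherwise private helpers become reachable
 *       by name.</li>
 *   <li>{@code uname} and {@code methodName} are trusted as given. In a web deployment the
 *       user name should come from the authenticated server-side session.</li>
 * </ul>
 *
 * @author zhou
 */
public class PrivilegeManager {
    private StudentAction action;

    /**
     * Creates a manager bound to one action object. (Original note: in B/S mode the action
     * would not need to be passed in.)
     *
     * @param action the object whose methods are checked and invoked
     */
    public PrivilegeManager(StudentAction action) {
        this.action = action;
    }

    /**
     * Checks whether {@code uname} may call {@code methodName} and invokes it if so.
     * Prints "没有权限" when access is denied. (Original note: in B/S mode the name would
     * not need to be passed in.)
     *
     * @param uname user name of the caller
     * @param methodName name of the no-argument action method to call
     */
    public void validate(String uname, String methodName) {
        // 1. Resolve the target method. An unknown name used to fall through to a
        //    NullPointerException in getAnnotation; it is now denied explicitly.
        Method method = this.getMethod(methodName);
        if (method == null) {
            System.out.println("没有权限");
            return;
        }

        // 2. Read the privilege requirement declared on the method, if any.
        PrivilegeAnnotation annotation = this.getAnnotation(method);
        if (annotation == null) {
            // Unannotated method: open to every user (allow-by-default, see class comment).
            this.doMethod(method);
            return;
        }

        // 3. Build the privilege this call requires from the annotation and the user name.
        Privilege required = new Privilege();
        required.setUname(uname);
        required.setModel(annotation.model());
        required.setPrivilegeValue(annotation.pivilegeValue());

        // 4. Compare against the user's grants. contains() relies on Privilege.equals().
        ArrayList<Privilege> granted = PrivilegeService.getPrivilege(uname);
        if (granted != null && granted.contains(required)) {
            this.doMethod(method);
        } else {
            System.out.println("没有权限");
        }
    }

    /**
     * Looks up the no-argument method with the given name on the action's class.
     *
     * @param methodName method name; may be null
     * @return the method, or null when the name is null, unknown, or lookup is refused
     */
    private Method getMethod(String methodName) {
        if (methodName == null) {
            return null;
        }
        try {
            return this.action.getClass().getDeclaredMethod(methodName);
        } catch (SecurityException e) {
            // Reflection was refused by the runtime; keep the diagnostic and deny.
            e.printStackTrace();
            return null;
        } catch (NoSuchMethodException e) {
            // Expected for a wrong or hostile name; the caller treats null as "denied".
            return null;
        }
    }

    /**
     * Returns the privilege annotation declared on the method.
     *
     * @param method a resolved, non-null method
     * @return the annotation, or null when the method is not annotated
     */
    private PrivilegeAnnotation getAnnotation(Method method) {
        // getAnnotation already returns null when the annotation is absent.
        return method.getAnnotation(PrivilegeAnnotation.class);
    }
}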
/** Drives the sample: three users each attempt the four StudentAction operations. */
public class Demo {

    /** Attempts select, update, delete and add, in that order, on behalf of one user. */
    private static void attemptAll(PrivilegeManager manager, String uname) {
        String[] operations = {"select", "update", "delete", "add"};
        for (String operation : operations) {
            manager.validate(uname, operation);
        }
    }

    public static void main(String[] args) {
        PrivilegeManager manager = new PrivilegeManager(new StudentAction());

        // admin holds add/update/delete, so every call is expected to run.
        attemptAll(manager, "admin");

        // andy holds only "add".
        System.out.println("------andy--------------");
        attemptAll(manager, "andy");

        // jack holds no grants; only the unannotated select is expected to run.
        System.out.println("------jack--------------");
        attemptAll(manager, "jack");
    }
}
输出结果:
select...............
update student.......
delete ...............
add student......
------andy--------------
select...............
没有权限
没有权限
add student......
------jack--------------
select...............
没有权限
没有权限
没有权限
如果用 B/S 模式实现,则把"调用方法"改为跳转到相应页面,请自行参考。注意:B/S 模式下用户名应取自服务端会话,不要直接信任请求参数;另外,没有加注解的方法默认对所有用户开放。