下面列出了org.springframework.web.bind.annotation.RequestMethod#toString ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
* 判断当前用户对访问的方法是否有权限
*
* @param pjp 方法
* @param requestMapping 方法上的annotation
*
* @return
*
* @throws Throwable
*/
@Around("anyPublicMethod() && @annotation(requestMapping) && [email protected](com.baidu.dsp.common.annotation.NoAuth)")
public Object decideAccess(ProceedingJoinPoint pjp, RequestMapping requestMapping) throws Throwable {
// 获取method上的url,若未标注value则默认为空字符串
String[] values = requestMapping.value();
String methodUrl = "";
if (values.length != 0) {
methodUrl = values[0];
}
String clsUrl = pjp.getTarget().getClass().getAnnotation(RequestMapping.class).value()[0];
// 拼接method和class上标注的url
if (!clsUrl.endsWith(RoleResourceConstant.URL_SPLITOR) &&
!methodUrl.startsWith(RoleResourceConstant.URL_SPLITOR)) {
clsUrl += RoleResourceConstant.URL_SPLITOR;
}
String urlPattarn = clsUrl + methodUrl;
if (!urlPattarn.endsWith(RoleResourceConstant.URL_SPLITOR)) {
urlPattarn += RoleResourceConstant.URL_SPLITOR;
}
if (noAuthCheckUrl != null && noAuthCheckUrl.contains(urlPattarn)) {
LOG.info("don't need to check this url: " + urlPattarn);
} else {
// 获取method上标注的http method,若未标注method则默认为GET
RequestMethod[] methods = requestMapping.method();
RequestMethod methodType = RequestMethod.GET;
if (methods.length != 0) {
methodType = methods[0];
}
String urlInfo = urlPattarn + ", method:" + methodType.toString();
// 获取用户角色
Visitor visitor = ThreadContext.getSessionVisitor();
if (visitor == null) {
LOG.warn("No session visitor!");
throw new AccessDeniedException("No session visitor! " + urlInfo);
}
Integer roleId = visitor.getRoleId();
String visitorInfo = ", UserId:" + visitor.getId() + ", RoleId:" + roleId;
Boolean isPriviledged = true;
// 判断用户是否有权限访问方法
if (!this.isMethodAccessible(urlPattarn, methodType, roleId)) {
isPriviledged = false;
throw new AccessDeniedException("Access Denied: " + urlInfo + visitorInfo);
}
LOG.info("Accessing URL:" + urlInfo + visitorInfo + ", Is priviledged:" + isPriviledged.toString());
}
Object rtnOb = null;
try {
// 执行方法
rtnOb = pjp.proceed();
} catch (Throwable t) {
LOG.info(t.getMessage());
throw t;
}
return rtnOb;
}
/**
* 判断当前用户对访问的方法是否有权限
*
* @param pjp 方法
* @param requestMapping 方法上的annotation
*
* @return
*
* @throws Throwable
*/
@Around("anyPublicMethod() && @annotation(requestMapping) && [email protected](com.baidu.dsp.common.annotation.NoAuth)")
public Object decideAccess(ProceedingJoinPoint pjp, RequestMapping requestMapping) throws Throwable {
// 获取method上的url,若未标注value则默认为空字符串
String[] values = requestMapping.value();
String methodUrl = "";
if (values.length != 0) {
methodUrl = values[0];
}
String clsUrl = pjp.getTarget().getClass().getAnnotation(RequestMapping.class).value()[0];
// 拼接method和class上标注的url
if (!clsUrl.endsWith(RoleResourceConstant.URL_SPLITOR) &&
!methodUrl.startsWith(RoleResourceConstant.URL_SPLITOR)) {
clsUrl += RoleResourceConstant.URL_SPLITOR;
}
String urlPattarn = clsUrl + methodUrl;
if (!urlPattarn.endsWith(RoleResourceConstant.URL_SPLITOR)) {
urlPattarn += RoleResourceConstant.URL_SPLITOR;
}
if (noAuthCheckUrl != null && noAuthCheckUrl.contains(urlPattarn)) {
LOG.info("don't need to check this url: " + urlPattarn);
} else {
// 获取method上标注的http method,若未标注method则默认为GET
RequestMethod[] methods = requestMapping.method();
RequestMethod methodType = RequestMethod.GET;
if (methods.length != 0) {
methodType = methods[0];
}
String urlInfo = urlPattarn + ", method:" + methodType.toString();
// 获取用户角色
Visitor visitor = ThreadContext.getSessionVisitor();
if (visitor == null) {
LOG.warn("No session visitor!");
throw new AccessDeniedException("No session visitor! " + urlInfo);
}
Integer roleId = visitor.getRoleId();
String visitorInfo = ", UserId:" + visitor.getId() + ", RoleId:" + roleId;
Boolean isPriviledged = true;
// 判断用户是否有权限访问方法
if (!this.isMethodAccessible(urlPattarn, methodType, roleId)) {
isPriviledged = false;
throw new AccessDeniedException("Access Denied: " + urlInfo + visitorInfo);
}
LOG.info("Accessing URL:" + urlInfo + visitorInfo + ", Is priviledged:" + isPriviledged.toString());
}
Object rtnOb = null;
try {
// 执行方法
rtnOb = pjp.proceed();
} catch (Throwable t) {
LOG.info(t.getMessage());
throw t;
}
return rtnOb;
}