[Java][SpringBoot]AspectJ切面配合自定义注解实现权限校验

本文章介绍了如何通过创建自定义的权限校验注解，配合AspectJ切面拦截注解实现权限校验。

1. 创建权限校验注解

创建权限校验注解，可用在方法和类上，authPoint属性表示所需的权限点。代码如下：

package com.guo.demo.examples.permissioncheck;

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target(value = {ElementType.TYPE, ElementType.METHOD})
public @interface PermissionCheck {
    /**
     * 所需的权限点
     *
     * @return 所需的权限点
     */
    String authPoint();
}

2. 创建AspectJ切面拦截注解校验权限

创建AspectJ切面，拦截带有@PermissionCheck注解的方法或类，获取注解上的权限点进行校验。代码如下：

package com.guo.demo.examples.permissioncheck;

import lombok.extern.slf4j.Slf4j;

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.stereotype.Component;

import javax.annotation.Resource;

@Slf4j
@Aspect
@Component
public class PermissionCheckAspect {
    // 权限校验服务
    @Resource
    private PermissionService permissionService;

    // 定义切入点表达式，匹配带有PermissionCheck注解的方法或类
    @Pointcut("@annotation(com.guo.demo.examples.permissioncheck.PermissionCheck) || @within(com.guo.demo.examples.permissioncheck.PermissionCheck)")
    public void pointCut() {
    }

    @Around("pointCut()")
    public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
        // 1.获取目标类上的目标注解
        PermissionCheck annotationInClass = AnnotationUtils.findAnnotation(signature.getDeclaringType(), PermissionCheck.class);
        // 2.获取目标方法上的目标注解
        PermissionCheck annotationInMethod = AnnotationUtils.findAnnotation(signature.getMethod(), PermissionCheck.class);
        // 优先取方法上的注解，若方法上无注解，则取类上的注解
        PermissionCheck annotation = annotationInMethod != null ? annotationInMethod : annotationInClass;
        if (annotation == null) {
            log.error("PermissionCheck annotation is null, {}", signature.toLongString());
            throw new RuntimeException("PermissionCheck annotation is null");
        }

        String authPoint = annotation.authPoint();
        if (permissionService.hasAuthPoint(authPoint)) { // 进行权限校验
            return joinPoint.proceed();
        } else {
            log.warn("user [{}] no permission, authPoint: {}", SessionUtils.getCurrentUser().getFullName(), authPoint);
            throw new RuntimeException("no permission: [" + authPoint + "]");
        }
    }
}

3. 用法示例

package com.guo.demo.examples.permissioncheck;

import com.guo.demo.pojo.vo.Response;

import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.Resource;
import javax.validation.Valid;

@RestController
@RequestMapping("employee")
// 如果在类上使用注解，则对该类下所有public方法生效
// @PermissionCheck(authPoint = AuthPointConstant.EMPLOYEE_MANAGE)
public class EmployeeController {
    @Resource
    private EmployeeService employeeService;

    @PermissionCheck(authPoint = AuthPointConstant.ADD_EMPLOYEE) // 在方法上使用校验注解
    @PostMapping("add")
    public Response<?> add(@RequestBody @Valid AddEmployeeRequest request) {
        employeeService.add(request);
        return Response.success();
    }
}

A. 参考文章

• Spring AOP 和 拦截器 获取类上与方法上的注解 - kelelipeng - 博客园 (cnblogs.com)