要求任何操作都建立在已经登录的基础上,登录操作除外。。。。
使用Spring AOP不仅简单,还不会对其他部件中产生影响
以下具体代码实现:
package com.joey.util;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
/**
* 登录验证AOP
*/
@Component
@Aspect
public class LoginHelper {
private static Logger logger = LogManager.getLogger(LoginHelper.class.getName());
@Pointcut("within(com.joey.controller..*)&&!within(com.joey.controller.IndexController)") // IndexController中写了登录方法
public void login() {
}
@Around("login()")
public Object auth(ProceedingJoinPoint joinPoint) throws Throwable {
// 获取session中的用户信息
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
String username = (String) request.getSession().getAttribute("username");
if (username == null) {
logger.info("未登录");
return new ModelAndView("redirect:/login");
}
logger.info("username: " + username);
return joinPoint.proceed();
}
}
既然要从session中获取用户信息,那么肯定要先保存的。可以自登录方法中保存username
package com.joey.controller;
import com.joey.model.User;
import com.joey.service.UserService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
@Controller
@RequestMapping("/")
public class IndexController {
private static Logger logger = LogManager.getLogger(IndexController.class.getName());
@Resource(name = "userService")
private UserService userService;
@RequestMapping(value = {"", "index", "login"}, method = RequestMethod.GET)
public String index() {
return "login";
}
/**
* 管理员/普通用户登陆
*
* @param username
* @param password
* @return
*/
@RequestMapping(value = {"login"}, method = RequestMethod.POST)
public ModelAndView login(HttpServletRequest request, String username, String password) {
int id;
try {
id = userService.login(username, password);
} catch (Exception e) {
e.printStackTrace();
logger.info("not found");
return new ModelAndView("login")
.addObject("msg", "Try Again");
}
User user = userService.selectByPrimaryKey(id);
request.getSession().setAttribute("username", user.getName()); // 保存username到session看这里
return new ModelAndView(user.getAdmin() == 1 ? "admin" : "home")
.addObject("id", user.getId())
.addObject("username", user.getName())
.addObject("description", user.getDescription())
.addObject("isAdmin", user.getAdmin() == 1 ? "admin" : "user");
}
@RequestMapping(value = "home", method = RequestMethod.GET)
public String home() {
return "admin";
}}
