要求任何操作都建立在已經登錄的基礎上,登錄操作除外。。。。
使用Spring AOP不僅簡單,還不會對其他部件中產生影響(廢話-不然還能叫aop嗎)
以下具體代碼實現:
package com.joey.util; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.aspectj.lang.ProceedingJoinPoint; import org.aspectj.lang.annotation.Around; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Pointcut; import org.springframework.stereotype.Component; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; /** * 登錄驗證AOP */ @Component @Aspect public class LoginHelper { private static Logger logger = LogManager.getLogger(LoginHelper.class.getName()); @Pointcut("within(com.joey.controller..*)&&!within(com.joey.controller.IndexController)") // IndexController中寫了登錄方法 public void login() { } @Around("login()") public Object auth(ProceedingJoinPoint joinPoint) throws Throwable { // 獲取session中的用戶信息 HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); String username = (String) request.getSession().getAttribute("username"); if (username == null) { logger.info("未登錄"); return new ModelAndView("redirect:/login"); } logger.info("username: " + username); return joinPoint.proceed(); } }
既然要從session中獲取用戶信息,那麼肯定要先保存的。可以自登錄方法中保存username
package com.joey.controller; import com.joey.model.User; import com.joey.service.UserService; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; @Controller @RequestMapping("/") public class IndexController { private static Logger logger = LogManager.getLogger(IndexController.class.getName()); @Resource(name = "userService") private UserService userService; @RequestMapping(value = {"", "index", "login"}, method = RequestMethod.GET) public String index() { return "login"; } /** * 管理員/普通用戶登陸 * * @param username * @param password * @return */ @RequestMapping(value = {"login"}, method = RequestMethod.POST) public ModelAndView login(HttpServletRequest request, String username, String password) { int id; try { id = userService.login(username, password); } catch (Exception e) { e.printStackTrace(); logger.info("not found"); return new ModelAndView("login") .addObject("msg", "Try Again"); } User user = userService.selectByPrimaryKey(id); request.getSession().setAttribute("username", user.getName()); // 保存username到session看這裏 return new ModelAndView(user.getAdmin() == 1 ? "admin" : "home") .addObject("id", user.getId()) .addObject("username", user.getName()) .addObject("description", user.getDescription()) .addObject("isAdmin", user.getAdmin() == 1 ? "admin" : "user"); } @RequestMapping(value = "home", method = RequestMethod.GET) public String home() { return "admin"; } }
完~