基于AOP鉴权

2019-06-10  本文已影响0人  刘泽田

基于AOP的简单鉴权:

注解Auth:

/**
 * Declares which roles may invoke a controller handler.
 * <p>
 * Placed on a method it restricts that handler; placed on a class it restricts every handler
 * of the class that does not carry its own {@code @Auth} (the aspect reads the method-level
 * annotation first and falls back to the class-level one). A handler with no {@code @Auth}
 * on either level is not restricted by the aspect. The aspect also accepts the
 * {@link RoleEnum#ADMIN} role in place of any role listed here.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@Documented
public @interface Auth {

    /** Roles of which the current admin must hold at least one. */
    RoleEnum[] value();
}

value 的返回类型为 RoleEnum 数组;注解既可以标在类上,也可以标在具体方法上,方法上的注解优先生效;

RoleEnum

/**
 * @ClassName RoleEnum
 * @Description Role identifiers used by {@code @Auth} and the authorization aspect.
 * {@link #getName()} is the string compared against the names of the roles attached to
 * the current admin; {@link #getNameZh()} is a display label (still the {@code "xxxx"}
 * placeholder here). The aspect treats {@link #ADMIN} as holding every role.
 * <p>
 * NOTE(review): the setters make these process-wide singletons mutable — any code path
 * calling {@code RoleEnum.ADMIN.setName(...)} changes what the authorization check accepts
 * for the whole application. Dropping the setters and making the fields {@code final}
 * would remove that risk; they are kept here only because callers may rely on them.
 * @Author liuzetian
 * @Date 2019/6/4 7:41 PM
 * @Version 1.0
 **/
public enum RoleEnum {

    MANAGER("ROLE_manager", "xxxx"),
    PERSONNEL("ROLE_personnel", "xxxx"),
    RECRUITER("ROLE_recruiter", "xxxx"),
    TRAIN("ROLE_train", "xxxx"),
    SALARY("ROLE_salary", "xxxx"),
    ADMIN("ROLE_admin", "xxxx"),
    SOCIAL_FUND("ROLE_social_fund", "xxxx"),
    PROVIDENT("ROLE_provident", "xxxx"),
    TAX("ROLE_tax", "xxxx"),
    PERFORMANCE("ROLE_performance", "xxxx");

    /** Role name as it appears on the admin's roles, e.g. {@code ROLE_admin}. */
    private String name;
    /** Human-readable (Chinese) label for display only. */
    private String nameZh;

    RoleEnum(String name, String nameZh) {
        this.name = name;
        this.nameZh = nameZh;
    }

    /** @return the role name the aspect compares against the admin's roles */
    public String getName() {
        return this.name;
    }

    /** @return the display label */
    public String getNameZh() {
        return this.nameZh;
    }

    /** @param name new role name; mutates the shared enum constant */
    public void setName(String name) {
        this.name = name;
    }

    /** @param nameZh new display label; mutates the shared enum constant */
    public void setNameZh(String nameZh) {
        this.nameZh = nameZh;
    }
}

Aspect 切面

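/**
 * @ClassName AuthFilterAspect
 * @Description 权限校验 — role-based authorization for controller handlers. For every join
 * point in the controller package the aspect resolves the {@link Auth} annotation (method
 * level first, then class level) and lets the call proceed only if the current admin holds
 * one of the listed roles or the {@link RoleEnum#ADMIN} role. Handlers with no {@code @Auth}
 * are not restricted. When no admin (or no role list) is available the check denies.
 * @Author liuzetian
 * @Date 2019/6/4 5:43 PM
 * @Version 1.0
 **/
@Component
@Aspect
public class AuthFilterAspect {

    /**
     * Every join point declared directly in the controller package.
     * <p>
     * NOTE: {@code controller.*} matches types in that package only; controllers placed in
     * sub-packages would need {@code controller..*} to be covered by this check.
     */
    @Pointcut("within(com.xx.xx.xx.controller.*)")
    public void pointCut() {
    }

    /**
     * Authorizes the intercepted controller invocation.
     *
     * @param joinPoint the intercepted handler call
     * @return the handler's result when no {@code @Auth} applies or the check passes,
     *         otherwise the validation-failure response
     * @throws Throwable whatever the intercepted handler throws
     */
    @Around("pointCut()")
    public Object checkAuth(ProceedingJoinPoint joinPoint) throws Throwable {
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
        Method method = signature.getMethod();

        RoleEnum[] requiredRoles = resolveRequiredRoles(method);
        if (requiredRoles == null) {
            //没有权限设置则默认都可访问
            return joinPoint.proceed();
        }
        if (check(requiredRoles)) {
            return joinPoint.proceed();
        }
        return ResponseHelper.validationFailure("权限不足,请联系管理员.");
    }

    /**
     * Returns the roles declared by {@code @Auth} on the method, else on its declaring
     * class, else {@code null} when neither carries the annotation.
     */
    private static RoleEnum[] resolveRequiredRoles(Method method) {
        //如果方法有权限设置则获取方法的权限 否则获取类上的权限
        Auth methodAuth = method.getAnnotation(Auth.class);
        if (methodAuth != null) {
            return methodAuth.value();
        }
        // NOTE(review): getDeclaringClass() is whatever class declares this Method object;
        // if the proxied handler is an interface method, that is the interface, not the
        // controller, and a class-level @Auth on the controller would be missed —
        // joinPoint.getTarget().getClass() may be the safer lookup target; confirm.
        Auth classAuth = AnnotationUtils.findAnnotation(method.getDeclaringClass(), Auth.class);
        return classAuth == null ? null : classAuth.value();
    }

    /**
     * @param roleEnums roles accepted by the handler
     * @return {@code true} if the current admin holds ADMIN or any of {@code roleEnums};
     *         {@code false} when no admin / no roles are available (fail closed)
     */
    private boolean check(RoleEnum[] roleEnums) {
        AdminUser user = AdminUtils.getCurrentAdmin();
        // Fail closed instead of throwing: no current admin, or no role list, means deny.
        if (user == null || user.getRoles() == null) {
            return false;
        }
        List<Role> roles = user.getRoles();

        //默认管理员有全部权限 — checked before the required-role loop so that it also
        // applies when @Auth lists no roles at all.
        for (Role role : roles) {
            if (RoleEnum.ADMIN.getName().equals(role.getName())) {
                return true;
            }
        }
        for (RoleEnum required : roleEnums) {
            for (Role role : roles) {
                if (required.getName().equals(role.getName())) {
                    return true;
                }
            }
        }
        return false;
    }
}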

例:

打在类上:


import java.util.List;

/**
 * Admin-user management endpoints under {@code /system/admin}.
 * <p>
 * The class-level {@code @Auth} restricts every handler of this class to
 * {@link RoleEnum#ADMIN}; a handler that carries its own {@code @Auth} is checked against
 * that annotation instead, because the aspect reads the method-level one first.
 */
@RestController
@RequestMapping("/system/admin")
@Auth(RoleEnum.ADMIN)
public class AdminUserController {
}

/**
 * Per-period company summary endpoints under {@code /period-summ-company}.
 * <p>
 * The class-level {@code @Auth} admits admins holding TAX, SOCIAL_FUND or PROVIDENT (or
 * ADMIN) to every handler of this class that does not declare its own {@code @Auth}.
 *
 * @author peifeng.lzt@raycloud.com
 * @since 2019-04-11
 */
@RestController
@RequestMapping("/period-summ-company")
@Log4j2
@Auth({RoleEnum.TAX, RoleEnum.SOCIAL_FUND, RoleEnum.PROVIDENT})
public class PeriodSummaryAmmountCompanyController {
}

打在方法上:

/**
 * Personal income tax endpoints under {@code /personal-incometax}.
 * <p>
 * There is no class-level {@code @Auth}: each handler declares its own roles, and a handler
 * without {@code @Auth} here is not restricted by the authorization aspect.
 *
 * @author peifeng.lzt@raycloud.com
 * @since 2019-04-17
 */
@Log4j2
@RestController
@RequestMapping("/personal-incometax")
public class PersonalIncomeTaxController {
    // NOTE(review): @Log4j2 looks like it already provides a logger field; this second,
    // manually created SLF4J logger appears redundant — confirm which one the class uses.
    private final Logger logger = LoggerFactory.getLogger(PersonalIncomeTaxController.class);

    // NOTE(review): the injected collaborators are public fields, which lets any caller
    // read or replace them; private fields or constructor injection would be the usual choice.
    @Autowired
    public IPersonalIncomeTaxService iPersonalIncomeTaxService;

    @Autowired
    public IStaffService iStaffService;


    /**
     * 分页查询数据
     * <p>
     * Restricted by the method-level {@code @Auth} to admins holding {@link RoleEnum#TAX}
     * (or ADMIN); the aspect checks this annotation before any class-level one.
     *
     * @param page  分页信息
     * @param query 查询条件
     * @return the requested page of {@code PersonalIncomeTaxVO} wrapped in a {@code ResponseModel}
     */
   @Auth({RoleEnum.TAX})
    @GetMapping("/getPersonalIncomeTaxPageList")
    public ResponseModel<Page<PersonalIncomeTaxVO>> getPersonalIncomeTaxList(Page page, PersonalIncomeTaxQuery query) {

    
    }

}

