运用Spring AOP验证用户权限实例
时间:2011-07-08
1.新建一个Java普通工程,并需导入spring-aop.jar包;
2.建UserInfo类:
package aop.secure;
public class UserInfo {
private String userName;
private String password;
public UserInfo(String userName, String password){
this.userName = userName;
this.password = password;
}
public String getPassword() {
return password;
}
public String getUserName() {
return userName;
}
}
3.建安全信息提示类SecureBean:
package aop.secure;
public class SecureBean {
public void writeSecureMessage(){
System.out.println("Every time I learn something new and it pushes some old stuff out of my brain.");
}
}
4.建切面类SecurityAdvice实现org.springframework.aop.MethodBeforeAdvice:
package aop.secure;
import java.lang.reflect.Method;
import org.springframework.aop.MethodBeforeAdvice;
public class SecurityAdvice implements MethodBeforeAdvice {
private SecurityManager securityManager;
public SecurityAdvice(){
this.securityManager = new SecurityManager();
}
public void before(Method method, Object[] args, Object target) throws Throwable {
UserInfo user = securityManager.getLoggedOnUser();
if(user == null){
System.out.println("No user authenticated.");
throw new SecurityException("Method name: " + method.getName());
}else if("chigo".equals(user.getUserName()) && "chigo".equals(user.getPassword())){
System.out.println("OKAY!");
}else{
System.out.println("Logged in user is: " + user.getUserName());
throw new SecurityException("User " + user.getUserName() + " is not allowed access to method " + method.getName());
}
}
}
运用Spring AOP验证用户权限实例(2)
时间:2011-07-08
5.建登陆与注销管理类SecurityManager:
package aop.secure;
public class SecurityManager {
private static ThreadLocal local = new ThreadLocal();
public void login(String userName, String password){
local.set(new UserInfo(userName,password));
}
public void logout(){
local.set(null);
}
public UserInfo getLoggedOnUser(){
return (UserInfo)local.get();
}
}
6.最后建测试类SecurityExample:
package aop.secure;
import org.springframework.aop.framework.ProxyFactory;
public class SecurityExample {
private static SecureBean getSecureBean(){
SecureBean sbean = new SecureBean();
SecurityAdvice sadvice = new SecurityAdvice();
ProxyFactory pf = new ProxyFactory();
pf.setTarget(sbean);
pf.addAdvice(sadvice);
SecureBean factory = (SecureBean)pf.getProxy();
return factory;
}
public static void main(String[] args) {
SecurityManager mgr = new SecurityManager();
SecureBean sbean = getSecureBean();
mgr.login("chigo","chigo");
sbean.writeSecureMessage();
mgr.logout();
try{
mgr.login("kkk","");
sbean.writeSecureMessage();
}catch(SecurityException ex){
System.out.println("Exception caught: " + ex.getMessage());
}finally{
mgr.logout();
}
try{
sbean.writeSecureMessage();
}catch(SecurityException ex){
System.out.println("Exception caught: " + ex.getMessage());
}
}
}
|