java+SpringSecurity+用AOP使用注解实现统一数据隔离

124 阅读 0 评论 82 点赞

我是靠谱客的博主快乐砖头，这篇文章主要介绍java+SpringSecurity+用AOP使用注解实现统一数据隔离，现在分享给大家，希望可以做个参考。

1，实现”数据权限过滤注解“：
如下：
在这里插入图片描述 2，需要在下图实现代码”使其可以项目启动可以自动装配“:
如下：
3，最重要：实现数据过滤处理
代码如下：

复制代码

package com.bd.common.datascope.aspect;

import com.bd.common.core.utils.StringUtils;
import com.bd.common.core.web.domain.BaseEntity;
import com.bd.common.datascope.annotation.WmsDataScope;
import com.bd.common.security.utils.SecurityUtils;
import com.bd.system.api.domain.SysUser;
import com.bd.system.api.model.LoginUser;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.stereotype.Component;

/**
 * 数据过滤处理
 *
 */
@Aspect
@Component
public class WmsDataScopeAspect
{
    /**
     * 数据权限过滤关键字
     */
    public static final String DATA_SCOPE = "dataScope";

@Before("@annotation(controllerWmsDataScope)")
    public void doBefore(JoinPoint point, WmsDataScope controllerWmsDataScope) throws Throwable
    {
        clearDataScope(point);
        handleDataScope(point, controllerWmsDataScope);
    }

protected void handleDataScope(final JoinPoint joinPoint, WmsDataScope controllerWmsDataScope)
    {
        // 获取当前的用户
        LoginUser loginUser = SecurityUtils.getLoginUser();
        if (StringUtils.isNotNull(loginUser))
        {
            SysUser currentUser = loginUser.getSysUser();
            //如果是超级管理员，则不过滤
            if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin()){
                dataScopeFilter(joinPoint, currentUser, controllerWmsDataScope.wmsDepotAlias());
            }
        }
    }

/**
     * 数据范围过滤
     *
     * @param joinPoint 切点
     * @param user 用户
     */
    public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String wmsDepotAlias)
    {
        StringBuilder sqlString = new StringBuilder();
        sqlString.append(StringUtils.format(
                " JOIN (这里是需要拼接的sql) SUD ON {}=SUD.(需要join的字段) ", user.getSitecode(),
                wmsDepotAlias));

if (StringUtils.isNotBlank(sqlString.toString()))
        {
            Object params = joinPoint.getArgs()[0];
            if (StringUtils.isNotNull(params) && params instanceof BaseEntity)
            {
                BaseEntity baseEntity = (BaseEntity) params;
                baseEntity.getParams().put(DATA_SCOPE, sqlString);
            }
        }
    }

/**
     * 拼接权限sql前先清空params.dataScope参数防止注入
     */
    private void clearDataScope(final JoinPoint joinPoint)
    {
        Object params = joinPoint.getArgs()[0];
        if (StringUtils.isNotNull(params) && params instanceof BaseEntity)
        {
            BaseEntity baseEntity = (BaseEntity) params;
            baseEntity.getParams().put(DATA_SCOPE, "");
        }
    }
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
package com.bd.common.datascope.aspect;

import com.bd.common.core.utils.StringUtils;
import com.bd.common.core.web.domain.BaseEntity;
import com.bd.common.datascope.annotation.WmsDataScope;
import com.bd.common.security.utils.SecurityUtils;
import com.bd.system.api.domain.SysUser;
import com.bd.system.api.model.LoginUser;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.stereotype.Component;

/**
 * 数据过滤处理
 *
 */
@Aspect
@Component
public class WmsDataScopeAspect
{
    /**
     * 数据权限过滤关键字
     */
    public static final String DATA_SCOPE = "dataScope";

    @Before("@annotation(controllerWmsDataScope)")
    public void doBefore(JoinPoint point, WmsDataScope controllerWmsDataScope) throws Throwable
    {
        clearDataScope(point);
        handleDataScope(point, controllerWmsDataScope);
    }

    protected void handleDataScope(final JoinPoint joinPoint, WmsDataScope controllerWmsDataScope)
    {
        // 获取当前的用户
        LoginUser loginUser = SecurityUtils.getLoginUser();
        if (StringUtils.isNotNull(loginUser))
        {
            SysUser currentUser = loginUser.getSysUser();
            //如果是超级管理员，则不过滤
            if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin()){
                dataScopeFilter(joinPoint, currentUser, controllerWmsDataScope.wmsDepotAlias());
            }
        }
    }

    /**
     * 数据范围过滤
     *
     * @param joinPoint 切点
     * @param user 用户
     */
    public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String wmsDepotAlias)
    {
        StringBuilder sqlString = new StringBuilder();
        sqlString.append(StringUtils.format(
                " JOIN (这里是需要拼接的sql) SUD ON {}=SUD.(需要join的字段) ", user.getSitecode(),
                wmsDepotAlias));

        if (StringUtils.isNotBlank(sqlString.toString()))
        {
            Object params = joinPoint.getArgs()[0];
            if (StringUtils.isNotNull(params) && params instanceof BaseEntity)
            {
                BaseEntity baseEntity = (BaseEntity) params;
                baseEntity.getParams().put(DATA_SCOPE, sqlString);
            }
        }
    }

    /**
     * 拼接权限sql前先清空params.dataScope参数防止注入
     */
    private void clearDataScope(final JoinPoint joinPoint)
    {
        Object params = joinPoint.getArgs()[0];
        if (StringUtils.isNotNull(params) && params instanceof BaseEntity)
        {
            BaseEntity baseEntity = (BaseEntity) params;
            baseEntity.getParams().put(DATA_SCOPE, "");
        }
    }
}