aop配合自定义的注解使用,使用RequestContextHolder静态类获取HttpServletRequest

66 阅读 0 评论 44 点赞

我是靠谱客的博主美满小鸭子，最近开发中收集的这篇文章主要介绍aop配合自定义的注解使用,使用RequestContextHolder静态类获取HttpServletRequest，觉得挺不错的，现在分享给大家，希望可以做个参考。

概述

先创建一个注解

package com.fchan.hashmapstudy.aspect;

public @interface CheckIng {
}

`aop`配置类

在需要aop切入的方法中加上这个注解就可以了

package com.fchan.hashmapstudy.aspect;

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;

@Aspect
@Component
public class CheckIngAspect {


    //注解的包名全路径
    @Around("@annotation(com.fchan.hashmapstudy.aspect.CheckIng)")
    public Object checkIng(ProceedingJoinPoint point) throws Throwable {
		//通过 RequestContextHolder 获取 HttpServletRequest
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
        HttpServletRequest httpServletRequest = servletRequestAttributes.getRequest();

        //从header中获取token
        String token = httpServletRequest.getHeader("x-toekn");

        //校验toekn,如果校验成功就执行方法,否则就抛异常出去,这里只是为了说明aop配合注解使用,就不多写了
        return point.proceed();
    }

}

在这里插入图片描述

通过`RequestContextHolder`静态类获取`HttpServletRequest`

//通过 RequestContextHolder 获取 HttpServletRequest
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
HttpServletRequest httpServletRequest = servletRequestAttributes.getRequest();

通过在自定义注解内传入参数,配合`aop`做用户角色校验

定义一个可以传入自定义参数的注解,然后在aop中配置拦截

自定义注解中要注意参数的类型是有限制的。

A primitive type—基本类型（java的八种基本类型：byte、short、int、long、float、double、char、boolean）
String
Class
An enum type
An annotation type
An array type ：类型为以上任一类型的数组

除了以上标示，其他类型编译都会出错： invalid type of annotation member。

package com.fchan.hashmapstudy.aspect;

import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;

@Retention(RetentionPolicy.RUNTIME)
// RetentionPolicy.RUNTIME 表示CheckUserRole这个注解在运行期可以用反射取到
public @interface CheckUserRole {
    String value();
}

aop中拦截使用该注解的方法,并且获取注解中配置的参数进行校验

private HttpServletRequest getHttpServletRequest() {
    RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
    ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
    return servletRequestAttributes.getRequest();
}


@Around("@annotation(com.fchan.hashmapstudy.aspect.CheckUserRole)")
public Object checkUserRole(ProceedingJoinPoint point) throws Throwable {
    //获取token
    HttpServletRequest httpServletRequest = getHttpServletRequest();
    String token = httpServletRequest.getHeader("x-token");
    //todo token有效期校验

    //获取请求里提交的role
    String requestRole = httpServletRequest.getHeader("role");

    //获取方法上的注解里的role值,比对看看是否相等,相等则符合要求
    MethodSignature signature = ((MethodSignature) point.getSignature());
    Method method = signature.getMethod();

    // 这里想通过反射获取 CheckUserRole 注解,需要在注解定义的地方加上 @Retention(RetentionPolicy.RUNTIME)
    CheckUserRole annotation = method.getAnnotation(CheckUserRole.class);
    String annotationRole = annotation.value();
    if(!Objects.equals(requestRole, annotationRole)){
        throw new SecurityException("用户无权访问");
    }
    return point.proceed();
}