建议前Spring-AOP的条件行为 [英] Conditional behavior of Spring-AOP Before Advice

问题描述

我对AOP有点陌生，并对所面临的问题感到困惑.我在表示层上有对方法起作用的Annotation @AuthorizeUser.我需要检查用户是否有权执行该方法.这是AuthorizeUserAspect的代码:

I'm a little new to AOP, and got confused about the problem I'm facing. I have the Annotation @AuthorizeUser which acts on methods, on Presentation Layer. I need to check if User is authorized to execute that method or not. Here is the code for AuthorizeUserAspect:

@Aspect
public class AuthorizeUserAspect {
    @AuthoWired
    private UserService service;

    @Before(value = "@annotation(com.company.annotation.AuthorizeUser)")
    public void isAuthorized(JoinPoint jp) {
        // Check if the user has permission or not
        // executing some Service Layer services and 
        // Persistence Layer, corresponding to that
        service.checkUser();

        // Is there a way I can make this method Conditional. something like:
        if ( /* User has permission */ ) {
            // do nothing, so the method will be executed after this
        }
        else {
            // 1) Prevent the Method to be executed [and/or]
            // 2) Pass some Parameters to the method for checking [and/or]
            // 3) Execute another method on that class [e.g showAccessDenied()]
        }
    }
}

与这个问题有点类似 Spring MVC +咨询前检查安全性.但是它建议返回一些字符串(即"Not OK").我的应用程序中有两种类型的UI(Struts和Jersey)，因此返回类型有两种(分别为String和Response).因此，我认为这可能不是最好的方法.

如果您能为我提供解决方法，我将非常高兴.
这甚至是个好方法吗?

It's a little bit similar to this question Spring MVC + Before Advice check security. But it suggested to return some String (ie. "Not OK"). There are two types of UI in my application (Struts and Jersey), so there would be two type of return type (String and Response respectively). So I guess that might not be the best way to do it.

I would be very glad if you could show me a workaround for this.
Is this even a good approach or not?

推荐答案

首先，您是否看过

First of all, have you looked at Spring Security? It is completely declarative and does not require you to write aspects yourself. It secures methods by throwing an exception if the user is not authenticated or doesn't have the required privilege.

关于您的两种不同返回类型的问题:

Regarding your problem with two different return types:

第一个选项:针对方法的返回类型创建两种不同的建议:

First option: Create two different kinds of advices, specific to the return type of the method:

@Before("@annotation(com.company.annotation.AuthorizeUser) && execution(String *.*(..))")
public void isAuthorizedString(JoinPoint jp) {
    ...
}

@Before("@annotation(com.company.annotation.AuthorizeUser) && execution(Response *.*(..))")
public void isAuthorizedResponse(JoinPoint jp) {
    ...
}

第二个选项:通过反射找出建议方法的返回类型，并基于此返回不同的值:

Second option: Find out the return type of the advised method via reflection and return a different value based on that:

@Before("@annotation(com.company.annotation.AuthorizeUser")
public void isAuthorized(JoinPoint jp) {
    Class<?> returnType = ((MethodSignature)jp.getStaticPart()
            .getSignature()).getReturnType();
    if(returnType == String.class)
        ...
    else
        ...
}

这篇关于建议前Spring-AOP的条件行为的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！