此權(quán)限管理系統(tǒng)把待訪問的業(yè)務(wù)層方法做為權(quán)限管理中的資源,通過spring aop 對接口方法進(jìn)行攔截,來實(shí)現(xiàn)權(quán)限的管理,可以實(shí)現(xiàn)細(xì)粒度的權(quán)限控制。
在上文體驗(yàn)了spring aop 一些特性,aop 接口:MethodBeforeAdvice, AfterReturningAdvice, ThrowsAdvice 實(shí)現(xiàn)這三個接口分別對方法執(zhí)行前,后,執(zhí)行中拋異常等情況進(jìn)行的,我們要是想做overload 這樣的操作時,要用MethodInterceptor 接口,此接口好在有返回值,
public Object invoke(
MethodInvocation invocation)
throws Throwable
{
//.
}
上文做法有些牽強(qiáng)業(yè)務(wù)邏輯還有throws PermissionDeniedException 感覺不爽,現(xiàn)在用MethodInterceptor 接口,來寫這個demo,把權(quán)限與業(yè)務(wù)分開。
advice 如下:
public class PermissionCheckAroundAdvice implements MethodInterceptor {
SecurityManager securityMgr = new SecurityManager();
/**//**
* @param securityMgr The securityMgr to set.
*/
public void setSecurityMgr(SecurityManager securityMgr) {
this.securityMgr = securityMgr;
}
public Object invoke(MethodInvocation invocation) throws Throwable {
System.out.println("(被調(diào)用方法接口類名: "
+ invocation.getMethod().getDeclaringClass().getName() + ")");
System.out.println("(被調(diào)用方法名:" + invocation.getMethod().getName()+ ")");
String methodName = invocation.getMethod().getDeclaringClass()
.getName() + "." + invocation.getMethod().getName();
System.out.println("(被調(diào)用方法全名:" + methodName + ")");
System.out.println("有否權(quán)限:(" + securityMgr.checkPermission(methodName)+ ")");
if(securityMgr.checkPermission(methodName))
return invocation.proceed();
System.out.println("Goodbye! NO Permission!(by " + this.getClass().getName() + ")");
return "--";
}
}
服務(wù)層業(yè)務(wù)接口修改如下:
public interface Service {
public String getBeanInfo();
}
服務(wù)層業(yè)務(wù)實(shí)現(xiàn)類如下:
public class ServiceBean implements Service {
ResourceBean bean;
/**//**
* @param bean The bean to set.
*/
public void setBean(ResourceBean bean) {
this.bean = bean;
}
public String getBeanInfo(){
String result="";
result+= bean.getMethod1();
result+= bean.getMethod2();
result+= bean.getMethod3();
return result;
}
}
資源層,接口 ,類如下:
public interface Resource {
}
public interface ResourceBean extends Resource{
public void theMethod();
public String getMethod1();
public String getMethod2();
public String getMethod3();
}
public class ResourceBeanImpl implements ResourceBean,InitializingBean{
public void theMethod(){
System.out.println(this.getClass().getName()
+ "." + new Exception().getStackTrace()[0].getMethodName()
+ "()"
+ " says HELLO!");
}
public String getMethod1(){
return "張三";
}
public String getMethod2(){
return "李四";
}
public String getMethod3(){
return "王五";
}
public void afterPropertiesSet() throws Exception {
System.out.println("事件監(jiān)聽:類ResourceBeanImpl屬性設(shè)置完畢");
}
}
權(quán)限管理類:
public class User {
List privilages = new java.util.ArrayList();
String name;
public User(){
}
/**//**
* @param privilages The privilages to set.
*/
public void setPrivilages(List privilages) {
this.privilages = privilages;
}
public String getName(){
return name;
}
public void setName(String name){
this.name=name;
}
public boolean isPermission(String pri){
java.util.Iterator it = privilages.iterator();
String p = "";
boolean pass=false;
while(it.hasNext()){
p=(String)it.next();
System.out.println(p);
if(p.equals(pri)){
pass = true;
break;
}
}
return pass;
}
}
public class SecurityManager {
User user;
public void setUser(User user){
this.user = user;
}
public boolean checkPermission(String privilege){
return checkPermission(user,privilege);
}
public boolean checkPermission(User user, String privilege){
return user.isPermission(privilege);
}
}
配置文件:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<!--CONFIG-->
<bean id="bean" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces">
<value>com.jhalo.jsecurity.aop.ResourceBean</value>
</property>
<property name="target">
<ref local="beanTarget"/>
</property>
<property name="interceptorNames">
<list>
<value>permissionAroundAdvisor</value>
</list>
</property>
</bean>
<bean id="service" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces">
<value>com.jhalo.jsecurity.aop.Service</value>
</property>
<property name="target">
<ref local="serviceBean"/>
</property>
<property name="interceptorNames">
<list>
<value>permissionAroundAdvisor</value>
</list>
</property>
</bean>
<!--CLASS-->
<bean id="resourceMgr" class="com.jhalo.jsecurity.aop.ResourceManager"/>
<bean id="beanTarget" class="com.jhalo.jsecurity.aop.ResourceBeanImpl"/>
<bean id="beanTarget2" class="com.jhalo.jsecurity.aop.ResourceBean2Impl"/>
<bean id="user" class="com.jhalo.jsecurity.aop.User">
<property name="name">
<value>tester</value>
</property>
<property name="privilages">
<list>
<value>com.jhalo.jsecurity.aop.ResourceBean.getMethod3</value>
<value>com.jhalo.jsecurity.aop.Service.getBeanInfo</value>
<value>com.jhalo.jsecurity.aop.ResourceBean.getMethod1</value>
</list>
</property>
</bean>
<bean id="securityMgr" class="com.jhalo.jsecurity.aop.SecurityManager">
<property name="user">
<ref local="user"/>
</property>
</bean>
<bean id="serviceBean" class="com.jhalo.jsecurity.aop.ServiceBean">
<property name="bean">
<!-- <ref local="beanTarget"/>-->
<ref local="bean"/>
</property>
</bean>
<!--ADVISOR-->
<!--Note: An advisor assembles pointcut and advice-->
<!-- -->
<!-- permission around advisor -->
<bean id="permissionAroundAdvisor" class="org.springframework.aop.support.RegexpMethodPointcutAdvisor">
<property name="advice">
<ref local="thePermissionAroundAdvice"/>
</property>
<property name="pattern">
<value>.*</value>
</property>
</bean>
<!--ADVICE-->
<bean id="thePermissionCheckBeforeAdvice" class="com.jhalo.jsecurity.aop.PermissionCheckAdvice"/>
<bean id="thePermissionThrowsAdvice" class="com.jhalo.jsecurity.aop.PermissionThrowsAdvice"/>
<bean id="thePermissionAroundAdvice" class="com.jhalo.jsecurity.aop.PermissionCheckAroundAdvice">
<property name="securityMgr">
<ref local="securityMgr"/>
</property>
</bean>
</beans>
User 所擁有的權(quán)限是在spring 配置文件中手工配置的,在實(shí)際應(yīng)用中不可行,可以從DB中取得。
測試類:
public class SpringAopTest {
public static void main(String[] args) {
//Read the configuration file
ApplicationContext ctx
= new FileSystemXmlApplicationContext("springconfig.xml");
String name = "";
Service sb = (Service)ctx.getBean("service");
// System.out.println("---"+ctx.isSingleton("service")+"---");
name = sb.getBeanInfo();
System.out.println("test result::" +name);
}
}
測試結(jié)果 :
(xml.XmlBeanDefinitionReader 119 ) Loading XML bean definitions from file [D:\projects\actives\jsecurity\springconfig.xml]
(support.FileSystemXmlApplicationContext 90 ) Bean factory for application context [org.springframework.context.support.FileSystemXmlApplicationContext;hashCode=25853693]: org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [bean,service,resourceMgr,beanTarget,beanTarget2,user,securityMgr,serviceBean,permissionAroundAdvisor,thePermissionCheckBeforeAdvice,thePermissionThrowsAdvice,thePermissionAroundAdvice]; root of BeanFactory hierarchy
(support.FileSystemXmlApplicationContext 287 ) 12 beans defined in application context [org.springframework.context.support.FileSystemXmlApplicationContext;hashCode=25853693]
(support.FileSystemXmlApplicationContext 395 ) Unable to locate MessageSource with name 'messageSource': using default [org.springframework.context.support.StaticMessageSource: {}]
(support.FileSystemXmlApplicationContext 417 ) Unable to locate ApplicationEventMulticaster with name 'applicationEventMulticaster': using default [org.springframework.context.event.SimpleApplicationEventMulticaster@5e5a50]
(support.FileSystemXmlApplicationContext 439 ) Refreshing listeners
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'resourceMgr'
(support.FileSystemXmlApplicationContext 448 ) Application listener [com.jhalo.jsecurity.aop.ResourceManager@a3d4cf] added
(support.DefaultListableBeanFactory 221 ) Pre-instantiating singletons in factory [org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [bean,service,resourceMgr,beanTarget,beanTarget2,user,securityMgr,serviceBean,permissionAroundAdvisor,thePermissionCheckBeforeAdvice,thePermissionThrowsAdvice,thePermissionAroundAdvice]; root of BeanFactory hierarchy]
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'bean'
(core.CollectionFactory 55 ) Using JDK 1.4 collections
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'beanTarget'
事件監(jiān)聽:類ResourceBeanImpl屬性設(shè)置完畢
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'permissionAroundAdvisor'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'thePermissionAroundAdvice'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'securityMgr'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'user'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'service'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'serviceBean'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'beanTarget2'
事件監(jiān)聽:類ResourceBean2Impl屬性設(shè)置完畢
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'thePermissionCheckBeforeAdvice'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'thePermissionThrowsAdvice'
--------ContextRefreshedEvent called
(被調(diào)用方法接口類名: com.jhalo.jsecurity.aop.Service)
(被調(diào)用方法名:getBeanInfo)
(被調(diào)用方法全名:com.jhalo.jsecurity.aop.Service.getBeanInfo)
com.jhalo.jsecurity.aop.ResourceBean.getMethod3
com.jhalo.jsecurity.aop.Service.getBeanInfo
有否權(quán)限:(true)
com.jhalo.jsecurity.aop.ResourceBean.getMethod3
com.jhalo.jsecurity.aop.Service.getBeanInfo
(被調(diào)用方法接口類名: com.jhalo.jsecurity.aop.ResourceBean)
(被調(diào)用方法名:getMethod1)
(被調(diào)用方法全名:com.jhalo.jsecurity.aop.ResourceBean.getMethod1)
com.jhalo.jsecurity.aop.ResourceBean.getMethod3
com.jhalo.jsecurity.aop.Service.getBeanInfo
com.jhalo.jsecurity.aop.ResourceBean.getMethod1
有否權(quán)限:(true)
com.jhalo.jsecurity.aop.ResourceBean.getMethod3
com.jhalo.jsecurity.aop.Service.getBeanInfo
com.jhalo.jsecurity.aop.ResourceBean.getMethod1
(被調(diào)用方法接口類名: com.jhalo.jsecurity.aop.ResourceBean)
(被調(diào)用方法名:getMethod2)
(被調(diào)用方法全名:com.jhalo.jsecurity.aop.ResourceBean.getMethod2)
com.jhalo.jsecurity.aop.ResourceBean.getMethod3
com.jhalo.jsecurity.aop.Service.getBeanInfo
com.jhalo.jsecurity.aop.ResourceBean.getMethod1
有否權(quán)限:(false)
com.jhalo.jsecurity.aop.ResourceBean.getMethod3
com.jhalo.jsecurity.aop.Service.getBeanInfo
com.jhalo.jsecurity.aop.ResourceBean.getMethod1
Goodbye! NO Permission!(by com.jhalo.jsecurity.aop.PermissionCheckAroundAdvice)
(被調(diào)用方法接口類名: com.jhalo.jsecurity.aop.ResourceBean)
(被調(diào)用方法名:getMethod3)
(被調(diào)用方法全名:com.jhalo.jsecurity.aop.ResourceBean.getMethod3)
com.jhalo.jsecurity.aop.ResourceBean.getMethod3
有否權(quán)限:(true)
com.jhalo.jsecurity.aop.ResourceBean.getMethod3
test result::張三--王五
這樣就完全把企業(yè)業(yè)務(wù)邏輯與權(quán)限管理系統(tǒng)分開了,服務(wù)層,資源層與權(quán)限檢查分離,用spring aop 通過配置文件把它們粘合在一起。實(shí)現(xiàn)了細(xì)粒度(對資源層數(shù)據(jù))的權(quán)限檢查。
接下來在此權(quán)限管理系統(tǒng)中引用角色概念,向 rbac 系統(tǒng)進(jìn)軍.(未完待續(xù))
參考資料:
An Introduction to Aspect-Oriented Programming with the Spring Framework, Part 1 by Russell Miles -- The Spring framework, which supports development of the different facets of J2EE, provides an aspect-oriented programming module that gives Spring developers the opportunity to apply aspects to their applications. This article shows you how to work with AOP in Spring.
An Introduction to Aspect-Oriented Programming with the Spring Framework, Part 2 by Russell Miles -- Russ Miles continues his introduction to Aspect-Oriented Programming (AOP) in Spring by delving into the around advice, which allows you to not just add to an existing method implementation, but to completely replace it.
方向:分布式系統(tǒng)設(shè)計(jì)