问题
I'm a little new to AOP, and got confused about the problem I'm facing. I have the Annotation @AuthorizeUser which acts on methods, on Presentation Layer. I need to check if User is authorized to execute that method or not. Here is the code for AuthorizeUserAspect:
@Aspect
public class AuthorizeUserAspect {
@AuthoWired
private UserService service;
@Before(value = "@annotation(com.company.annotation.AuthorizeUser)")
public void isAuthorized(JoinPoint jp) {
// Check if the user has permission or not
// executing some Service Layer services and
// Persistence Layer, corresponding to that
service.checkUser();
// Is there a way I can make this method Conditional. something like:
if ( /* User has permission */ ) {
// do nothing, so the method will be executed after this
}
else {
// 1) Prevent the Method to be executed [and/or]
// 2) Pass some Parameters to the method for checking [and/or]
// 3) Execute another method on that class [e.g showAccessDenied()]
}
}
}
It's a little bit similar to this question Spring MVC + Before Advice check security. But it suggested to return some String (ie. "Not OK"). There are two types of UI in my application (Struts and Jersey), so there would be two type of return type (String and Response respectively). So I guess that might not be the best way to do it.
I would be very glad if you could show me a workaround for this.
Is this even a good approach or not?
回答1:
First of all, have you looked at Spring Security? It is completely declarative and does not require you to write aspects yourself. It secures methods by throwing an exception if the user is not authenticated or doesn't have the required privilege.
Regarding your problem with two different return types:
First option: Create two different kinds of advices, specific to the return type of the method:
@Before("@annotation(com.company.annotation.AuthorizeUser) && execution(String *.*(..))")
public void isAuthorizedString(JoinPoint jp) {
...
}
@Before("@annotation(com.company.annotation.AuthorizeUser) && execution(Response *.*(..))")
public void isAuthorizedResponse(JoinPoint jp) {
...
}
Second option: Find out the return type of the advised method via reflection and return a different value based on that:
@Before("@annotation(com.company.annotation.AuthorizeUser")
public void isAuthorized(JoinPoint jp) {
Class<?> returnType = ((MethodSignature)jp.getStaticPart()
.getSignature()).getReturnType();
if(returnType == String.class)
...
else
...
}
来源:https://stackoverflow.com/questions/12248716/conditional-behavior-of-spring-aop-before-advice