Spring AOP验证用户权限

1.新建一个Java普通工程，并需导入spring-aop.jar包；
2.建UserInfo类：
package aop.secure;

public class UserInfo {
   
    private String userName;
    private String password;
   
    public UserInfo(String userName, String password){
        this.userName = userName;
        this.password = password;
    }

    public String getPassword() {
        return password;
    }

    public String getUserName() {
        return userName;
    }
}

3.建安全信息提示类SecureBean：
package aop.secure;

public class SecureBean {

    public void writeSecureMessage(){
        System.out.println("Every time I learn something new and it pushes some old stuff out of my brain.");
    }
}

4.建切面类SecurityAdvice实现org.springframework.aop.MethodBeforeAdvice：
package aop.secure;

import java.lang.reflect.Method;

import org.springframework.aop.MethodBeforeAdvice;

public class SecurityAdvice implements MethodBeforeAdvice {

    private SecurityManager securityManager;
   
    public SecurityAdvice(){
        this.securityManager = new SecurityManager();
    }

    public void before(Method method, Object[] args, Object target) throws Throwable {
        UserInfo user = securityManager.getLoggedOnUser();
        if(user == null){
            System.out.println("No user authenticated.");
            throw new SecurityException("Method name: " + method.getName());
        }else if("chigo".equals(user.getUserName()) && "chigo".equals(user.getPassword())){
            System.out.println("OKAY!");
        }else{
            System.out.println("Logged in user is: " + user.getUserName());
            throw new SecurityException("User " + user.getUserName() + " is not allowed access to method " + method.getName());
        }
    }

}

5.建登陆与注销管理类SecurityManager：
package aop.secure;

public class SecurityManager {
   
    private static ThreadLocal local = new ThreadLocal();
   
    public void login(String userName, String password){
        local.set(new UserInfo(userName,password));
    }
   
    public void logout(){
        local.set(null);
    }
   
    public UserInfo getLoggedOnUser(){
        return (UserInfo)local.get();
    }
}

6.最后建测试类SecurityExample：
package aop.secure;

import org.springframework.aop.framework.ProxyFactory;

public class SecurityExample {

    private static SecureBean getSecureBean(){
        SecureBean sbean = new SecureBean();
        SecurityAdvice sadvice = new SecurityAdvice();
        ProxyFactory pf = new ProxyFactory();
        pf.setTarget(sbean);
        pf.addAdvice(sadvice);
        SecureBean factory = (SecureBean)pf.getProxy();
        return factory;
    }
   
    public static void main(String[] args) {
        SecurityManager mgr = new SecurityManager();
        SecureBean sbean = getSecureBean();
       
        mgr.login("chigo","chigo");
        sbean.writeSecureMessage();
        mgr.logout();
       
        try{
            mgr.login("kkk","");
            sbean.writeSecureMessage();
        }catch(SecurityException ex){
            System.out.println("Exception caught: " + ex.getMessage());
        }finally{
            mgr.logout();
        }
       
        try{
            sbean.writeSecureMessage();
        }catch(SecurityException ex){
            System.out.println("Exception caught: " + ex.getMessage());
        }
    }

}