SpringAOP实现权限

applicationContext.xml

<bean id="empDAO" class="dao.EmpDAO"></bean>
	<bean id="empService" class="service.EmpService">
		<property name="dao">
			<ref local="empDAO" />
		</property>
	</bean>
	<bean name="/emp" class="action.EmpAction">
		<property name="service">
			<ref local="empService" />
		</property>
	</bean>

	<!-- 定义普通员工权限检查拦截器 ，class即前面的EmpAuthorityInterceptor.java-->
	<bean id="empAuthorityInterceptor"
		class="util.EmpAuthorityInterceptor" />

	<!--  以员工权限拦截器生成代理  -->
	<bean
		class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
		<property name="beanNames">
			<list>
				<value>/emp</value>
			</list>
		</property>
		<property name="interceptorNames">
			<list>
				<value>empAuthorityInterceptor</value>
			</list>
		</property>
	</bean>

 EmpAuthorityInterceptor.java

 

package util;

import javax.servlet.http.HttpServletRequest;

import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.struts.action.ActionMapping;

public class EmpAuthorityInterceptor implements MethodInterceptor {

	public Object invoke(MethodInvocation invocation) throws Throwable {
		HttpServletRequest request = null;
		ActionMapping mapping = null;
		Object[] args = invocation.getArguments();
		// 解析目标方法的参数
		for (int i = 0; i < args.length; i++) {
			if (args[i] instanceof HttpServletRequest)
				request = (HttpServletRequest) args[i];
			if (args[i] instanceof ActionMapping)
				mapping = (ActionMapping) args[i];
		}
		String parameter = mapping.getParameter();
		String methodName = request.getParameter(parameter);
		String path = mapping.getPath();
		System.out.println("方法名======"+methodName);
		System.out.println("path======="+path);

		// 从session中得到用户
		String username = (String) request.getSession()
				.getAttribute("username");
		// 如是经理级别则继续，否则，回到登陆页面
		if (username != null && username.equals("admin")) {
			return invocation.proceed();
		} else {
			return mapping.findForward("error");
		}
	}
}