[代码记录生活]利用注解实现权限验证
定义注解:
package app;import java.lang.annotation.Retention;import java.lang.annotation.RetentionPolicy;@Retention(RetentionPolicy.RUNTIME)public @interface PrivilegeAnnotation { String model(); //模块 String pivilegeValue();//权限名}public class StudentAction { //student 模板中的add方法@PrivilegeAnnotation(model="student",pivilegeValue="add")public void add() { System.out.println("add student......");}@PrivilegeAnnotation(model="student",pivilegeValue="update")public void update() { System.out.println("update student.......");}@PrivilegeAnnotation(model="student",pivilegeValue="delete")public void delete() { System.out.println("delete ...............");} //select 为所有用户都能查看public void select() { System.out.println("select...............");}} public class Privilege {private String uname; //用户名private String model; ////模块private String privilegeValue; //权限名 ..... get set 方法 } public class PrivilegeService {//获得用户的所有权限public static ArrayList<Privilege> getPrivilege(String uname){ArrayList<Privilege> list=new ArrayList<Privilege>();if("admin".equals(uname)){list.add(new Privilege("admin", "student", "add"));list.add(new Privilege("admin", "student", "update"));list.add(new Privilege("admin", "student", "delete"));}else {list.add(new Privilege("andy", "student", "add"));}return list;}}/** * 进行权限管理 * @author zhou * */public class PrivilegeManager {private StudentAction action;//-------------------------//b/s模式中不需要传action 接收一个StudentAction类public PrivilegeManager(StudentAction action) {this.action=action;}//------------------------- //权限验证,b/s不需要传name uname:用户名 methodName:方法名public void validate(String uname,String methodName){//1.Method method=this.getMethod(methodName);//-------------------------//2.PrivilegeAnnotation annotation=this.getAnnotation(method);//-------------------------if(annotation!=null){//3.根据注解和传入的用户名,得到Privilege对象//根据注解和传入的用户名,得到Privilege对象Privilege privilege=new Privilege();privilege.setUname(uname);privilege.setModel(annotation.model()); //获得注解中的模块名称privilege.setPrivilegeValue(annotation.pivilegeValue());//获得注解中的访问操作//-------------------------//得到该用户的所有权限ArrayList<Privilege> list=PrivilegeService.getPrivilege(uname);//判断该用户是否有权限 //contains list中是否存在指定对象if(list.contains(privilege)){ //存在this.doMethod(method); //调用方法}else{ //不存在System.out.println("没有权限");}}else{this.doMethod(method); //调用方法}}//-------------------------//得到方法名对应的Method对象private Method getMethod(String methodName){Method method=null;try { //从StudentAction类中得到对应的方法method=this.action.getClass().getDeclaredMethod(methodName);} catch (SecurityException e) {// TODO Auto-generated catch blocke.printStackTrace();} catch (NoSuchMethodException e) {// TODO Auto-generated catch blocke.printStackTrace();}return method;}//-------------------------//再将方法传入进来 得到注解对象private PrivilegeAnnotation getAnnotation(Method method){PrivilegeAnnotation annotation=null;if (method.isAnnotationPresent(PrivilegeAnnotation.class)){annotation=method.getAnnotation(PrivilegeAnnotation.class);}return annotation;}} public class Demo {public static void main(String[] args) {StudentAction action=new StudentAction(); PrivilegeManager manager=new PrivilegeManager(action); manager.validate("admin","select"); manager.validate("admin","update"); manager.validate("admin","delete"); manager.validate("admin","add"); System.out.println("------andy--------------"); manager.validate("andy","select"); manager.validate("andy","update"); manager.validate("andy","delete"); manager.validate("andy","add"); System.out.println("------jack--------------"); manager.validate("jack","select"); manager.validate("jack","update"); manager.validate("jack","delete"); manager.validate("jack","add"); } }select...............update student.......delete ...............add student......------andy--------------select...............没有权限没有权限add student......------jack--------------select...............没有权限没有权限没有权限