andyj2ee

java tec sky

统计

留言簿(4)

activemq

aop

design pattern

other blog

spring

workflow

多线程

软件架构师

阅读排行榜

评论排行榜

基于spring aop 权限管理系统原型<1>

111-spring_aop.gif

此权限管理系统把待访问的业务层方法做为权限管理中的资源,通过spring aop 对接口方法进行拦截,来实现权限的管理,可以实现细粒度的权限控制。
初步采用捕获权限否决异常实现。代码如下:
资源接口:

public interface ResourceBean {
    
public void theMethod();
    
public String getMethod1()throws PermissionDeniedException;
    
public String getMethod2()throws PermissionDeniedException;
    
public String getMethod3()throws PermissionDeniedException;
}

资源实现类
public class ResourceBeanImpl implements ResourceBean {

    
/* (non-Javadoc)
     * @see com.jhalo.jsecurity.aop.ResourceBean#theMethod()
     
*/

    
public void theMethod(){
        System.
out.println(this.getClass().getName()
                
+ "." + new Exception().getStackTrace()[0].getMethodName()
                
+ "()"
                
+ " says HELLO!");
    }


    
/* (non-Javadoc)
     * @see com.jhalo.jsecurity.aop.ResourceBean#getMethod1()
     
*/

    
public String getMethod1() throws PermissionDeniedException{
        
return "张三";
    }


    
/* (non-Javadoc)
     * @see com.jhalo.jsecurity.aop.ResourceBean#getMethod2()
     
*/

    
public String getMethod2() throws PermissionDeniedException{
        
return "李四";
    }


    
/* (non-Javadoc)
     * @see com.jhalo.jsecurity.aop.ResourceBean#getMethod3()
     
*/

    
public String getMethod3() throws PermissionDeniedException{
        
return "王五";
    }


}

服务层接口:
public interface Service {
    
public String getBeanInfo() throws PermissionDeniedException;
}

服务层接口实现类:
public class ServiceBean implements Service {
    ResourceBean bean;
    
    
/**
     * @param b The b to set.
     
*/

    
public void setBean(ResourceBean bean) {
        
this.bean = bean;
    }

    
public String getBeanInfo(){
        String result
="";
        
try{
            result
+= bean.getMethod1();
        }
catch(PermissionDeniedException pde){
            result
+="";
        }

        
try{
            result
+= bean.getMethod2();
        }
catch(PermissionDeniedException pde){
            result
+="";
        }

        
try{
            result
+= bean.getMethod3();
        }
catch(PermissionDeniedException pde){
            result
+="";
        }

        
return result;
    }


}

用户权限类:
public class User {
    List privilages 
= new java.util.ArrayList();
    String name;
    
public User(){
        name
="tester";
        privilages.add(
"com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo");
        privilages.add(
"com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod1");
//        privilages.add("com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod2");
        privilages.add("com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod3");
    }

    
public String getName(){
        
return name;
    }

    
public boolean isPermission(String pri){
        java.util.Iterator it 
= privilages.iterator();
        String p 
= "";
        boolean pass
=false;
        
while(it.hasNext()){
            
            p
=(String)it.next();
            System.
out.println(p);
            
if(p.equals(pri)){
                pass 
= true;
                
break;
            }

        }

        
return pass;
    }


}


权限验证aspect
public class PermissionCheckAdvice implements MethodBeforeAdvice {

    
/* (non-Javadoc)
     * @see org.springframework.aop.MethodBeforeAdvice#before(java.lang.reflect.Method, java.lang.Object[], java.lang.Object)
     
*/

    
public void before(Method m, Object[] args, Object target)
            throws Throwable 
{
        String privilege
=target.getClass().getName()+"." +m.getName();
        User user 
= new User();
        
if (!user.isPermission(privilege)) {
            
throw new PermissionDeniedException(user, privilege);
        }

        System.
out.println("Hello world! (by " + this.getClass().getName()+"::"
                
+ target.getClass().getName()+"." +m.getName() +")");

    }


}

权限验证异常:
public class PermissionDeniedException extends Exception{
    
public PermissionDeniedException(){
        super();
    }

    
public PermissionDeniedException(User user,String pri){
        super();
    }

}

异常处理Advice
public class PermissionThrowsAdvice implements ThrowsAdvice{
    
public void afterThrowing(Method method, Object[] args, Object target,
            Throwable subclass) 
{
        System.
out.println("Logging that a " + subclass
                
+ "Exception was thrown.");
    }


}

spring 配置文件:
xml version="1.0" encoding="UTF-8"?>
DOCTYPE beans PUBLIC  "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<beans>
  

  
<bean id="bean" class="org.springframework.aop.framework.ProxyFactoryBean">
    
<property name="proxyInterfaces">
      
<value>com.jhalo.jsecurity.aop.ResourceBeanvalue>
    
property>
    
<property name="target">
      
<ref local="beanTarget"/>
    
property>
    
<property name="interceptorNames">
      
<list>
        
<value>permissionCheckBeforeAdvisorvalue>
        
<value>permissionThrowsAdvisorvalue>
      
list>
    
property>
  
bean>
  
<bean id="service" class="org.springframework.aop.framework.ProxyFactoryBean">
    
<property name="proxyInterfaces">
      
<value>com.jhalo.jsecurity.aop.Servicevalue>
    
property>
    
<property name="target">
      
<ref local="serviceBean"/>
    
property>
    
<property name="interceptorNames">
      
<list>
        
<value>permissionCheckBeforeAdvisorvalue>
        
<value>permissionThrowsAdvisorvalue>
      
list>
    
property>
  
bean>

  

  
<bean id="beanTarget" class="com.jhalo.jsecurity.aop.ResourceBeanImpl"/>
  
<bean id="serviceBean" class="com.jhalo.jsecurity.aop.ServiceBean">
      
<property name="bean">
        

        
<ref local="bean"/>
      
property>
  
bean>
  

  

  
<bean id="permissionCheckBeforeAdvisor" class="org.springframework.aop.support.RegexpMethodPointcutAdvisor">
    
<property name="advice">
      
<ref local="thePermissionCheckBeforeAdvice"/>
    
property>
    
<property name="pattern">
      

      
<value>.*value>
    
property>
  
bean>
  

  
<bean id="permissionThrowsAdvisor" class="org.springframework.aop.support.RegexpMethodPointcutAdvisor">
        
<property name="advice">
            
<ref local="thePermissionThrowsAdvice"/>
        
property>
        
<property name="pattern">
            
<value>.*value>
        
property>
  
bean>

  

  
<bean id="thePermissionCheckBeforeAdvice" class="com.jhalo.jsecurity.aop.PermissionCheckAdvice"/>
  
<bean id="thePermissionThrowsAdvice" class="com.jhalo.jsecurity.aop.PermissionThrowsAdvice"/>
beans>

简单测试:
public class SpringAopTest {
    
public static void main(String[] args) {
        
//Read the configuration file
        ApplicationContext ctx
            
= new FileSystemXmlApplicationContext("springconfig.xml");

        
//Instantiate an object
        
//ResourceBean x = (ResourceBean) ctx.getBean("bean");

        
//Execute the public method of the bean (the test)
        
//1
        
//x.theMethod();
        
//2
        String name = "";
        
/*
        name = x.getMethod1();
        System.out.println("test result::" +name);
        name = x.getMethod2();
        System.out.println("test result::" +name);
        name = x.getMethod3();
        System.out.println("test result::" +name);
*/

        
        
//3
        Service sb = (Service)ctx.getBean("service");
        
try{
        name 
= sb.getBeanInfo();
        }
catch(PermissionDeniedException pde){}
        System.
out.println("test result::" +name);
      }


}

下面是用户在没有调用方法2的权限时的运行结果:
(support.DefaultListableBeanFactory  221 ) Pre-instantiating singletons in factory [org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [bean,service,beanTarget,serviceBean,permissionCheckBeforeAdvisor,permissionThrowsAdvisor,thePermissionCheckBeforeAdvice,thePermissionThrowsAdvice]; root of BeanFactory hierarchy]
(support.DefaultListableBeanFactory  
236 ) Creating shared instance of singleton bean 'bean'
(core.CollectionFactory              
55  ) Using JDK 1.4 collections
(support.DefaultListableBeanFactory  
236 ) Creating shared instance of singleton bean 'beanTarget'
(support.DefaultListableBeanFactory  
236 ) Creating shared instance of singleton bean 'permissionCheckBeforeAdvisor'
(support.DefaultListableBeanFactory  
236 ) Creating shared instance of singleton bean 'thePermissionCheckBeforeAdvice'
(support.DefaultListableBeanFactory  
236 ) Creating shared instance of singleton bean 'permissionThrowsAdvisor'
(support.DefaultListableBeanFactory  
236 ) Creating shared instance of singleton bean 'thePermissionThrowsAdvice'
(support.DefaultListableBeanFactory  
236 ) Creating shared instance of singleton bean 'service'
(support.DefaultListableBeanFactory  
236 ) Creating shared instance of singleton bean 'serviceBean'
(adapter.ThrowsAdviceInterceptor     
72  ) Found exception handler method [public void com.jhalo.jsecurity.aop.PermissionThrowsAdvice.afterThrowing(java.lang.reflect.Method,java.lang.Object[],java.lang.Object,java.lang.Throwable)]
com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo
Hello world
! (by com.jhalo.jsecurity.aop.PermissionCheckAdvice::com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo)
(adapter.ThrowsAdviceInterceptor     
72  ) Found exception handler method [public void com.jhalo.jsecurity.aop.PermissionThrowsAdvice.afterThrowing(java.lang.reflect.Method,java.lang.Object[],java.lang.Object,java.lang.Throwable)]
com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo
com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod1
Hello world
! (by com.jhalo.jsecurity.aop.PermissionCheckAdvice::com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod1)
(adapter.ThrowsAdviceInterceptor     
72  ) Found exception handler method [public void com.jhalo.jsecurity.aop.PermissionThrowsAdvice.afterThrowing(java.lang.reflect.Method,java.lang.Object[],java.lang.Object,java.lang.Throwable)]
com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo
com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod1
com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod3
(adapter.ThrowsAdviceInterceptor     
72  ) Found exception handler method [public void com.jhalo.jsecurity.aop.PermissionThrowsAdvice.afterThrowing(java.lang.reflect.Method,java.lang.Object[],java.lang.Object,java.lang.Throwable)]
com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo
com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod1
com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod3
Hello world
! (by com.jhalo.jsecurity.aop.PermissionCheckAdvice::com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod3)
test result::张三王五




方向:分布式系统设计

posted on 2005-03-31 16:51 java光环 阅读(2095) 评论(0)  编辑  收藏 所属分类: spring