版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/Yubu_/article/details/72404235
系统的大量操作都必须在用户登录的状态下进行,特别是后台管理系统。在进行系统开发时,进行登录状态检查是必不可少的步骤。此处采用注解的方法,实现登录检查。
第一步,新建注解AllowAnonymous和HasPermission("Permission String")
/**
 * Marks a servlet action method that may be invoked without a logged-in user.
 *
 * <p>Access is deny-by-default: handler methods without this annotation are
 * only dispatched after the login check succeeds, so it should be applied
 * sparingly (e.g. to the login page itself).
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface AllowAnonymous {
}
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface HasPermission {
public String value();
}
第二步,建立BasicServlet
在BasicServlet中通过反射读取注解信息,如果没有标记AllowAnonymous,则说明操作需要进行登录检查。对不需要登录就可以进行的操作,需要标记AllowAnonymous。
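/**
 * Base servlet that dispatches {@code ?action=<name>} to a public handler method
 * {@code name(HttpServletRequest, HttpServletResponse)} declared on the concrete
 * subclass, after applying the access checks expressed by {@link AllowAnonymous}
 * and {@link HasPermission}.
 *
 * <p>Access is deny-by-default: a handler without {@code @AllowAnonymous} requires a
 * logged-in admin user, and a handler carrying {@code @HasPermission} additionally
 * requires that the user holds the named permission.
 *
 * <p>Because the {@code action} parameter is client-controlled, only methods declared
 * on a {@code BasicServlet} subclass are dispatchable; public methods inherited from
 * {@code HttpServlet}, {@code GenericServlet} or {@code Object} are never invoked.
 * Dispatch failures are reported or re-thrown rather than silently ignored.
 */
public class BasicServlet extends HttpServlet {

    /** POST is handled exactly like GET. */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        this.doGet(req, resp);
    }

    /**
     * Resolves the requested action, applies the access checks and invokes the handler.
     *
     * @throws ServletException if the handler throws it, if the handler cannot be
     *     invoked, or if it fails with a checked exception of another type
     * @throws IOException if the handler throws it
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String action = req.getParameter("action");
        if (StringUtils.isEmpty(action)) {
            AdminUtils.showError(req, resp, "action error");
            return;
        }
        Method handler = findHandler(action);
        if (handler == null) {
            // Unknown or non-dispatchable method: fail closed with the same message as a
            // missing action, so the response does not reveal which methods exist.
            AdminUtils.showError(req, resp, "action error");
            return;
        }
        if (!isAuthorized(handler, req, resp)) {
            return; // isAuthorized has already written the error page
        }
        try {
            handler.invoke(this, req, resp);
        } catch (java.lang.reflect.InvocationTargetException e) {
            // Surface the handler's own failure instead of swallowing it.
            Throwable cause = e.getCause();
            if (cause instanceof ServletException) {
                throw (ServletException) cause;
            }
            if (cause instanceof IOException) {
                throw (IOException) cause;
            }
            if (cause instanceof RuntimeException) {
                throw (RuntimeException) cause;
            }
            if (cause instanceof Error) {
                throw (Error) cause;
            }
            throw new ServletException("action '" + action + "' failed", cause);
        } catch (IllegalAccessException e) {
            throw new ServletException("action '" + action + "' is not accessible", e);
        }
    }

    /**
     * Looks up the public handler method for {@code action} on the concrete servlet class.
     *
     * @return the handler, or {@code null} if no such public method exists or the
     *     matching method is not declared on a {@code BasicServlet} subclass
     */
    private Method findHandler(String action) {
        Method method;
        try {
            method = getClass().getMethod(action, HttpServletRequest.class, HttpServletResponse.class);
        } catch (NoSuchMethodException e) {
            return null;
        }
        // getMethod also returns inherited public methods; restrict dispatch to handlers
        // declared on a subclass so the client cannot reach framework or base-class methods.
        Class<?> declaring = method.getDeclaringClass();
        if (declaring == BasicServlet.class || !BasicServlet.class.isAssignableFrom(declaring)) {
            return null;
        }
        return method;
    }

    /**
     * Applies the access policy for {@code handler}: without {@link AllowAnonymous} the
     * caller must be a logged-in admin user, and with {@link HasPermission} that user must
     * hold the named permission. Writes the error page itself when access is denied.
     *
     * @return {@code true} if the handler may run
     */
    private boolean isAuthorized(Method handler, HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (handler.isAnnotationPresent(AllowAnonymous.class)) {
            return true;
        }
        Long adminUserId = AdminUtils.getAdminUserId(req);
        if (adminUserId == null) {
            String ctxPath = req.getContextPath();
            AdminUtils.showError(req, resp, "未登陆<a target='_top' href='" + ctxPath + "/Index?action=login'>点此登录</a>");
            return false;
        }
        HasPermission required = handler.getAnnotation(HasPermission.class);
        if (required != null) {
            AdminUserService adminUserService = new AdminUserService();
            if (!adminUserService.hasPermission(adminUserId, required.value())) {
                AdminUtils.showError(req, resp, "无权访问");
                return false;
            }
        }
        return true;
    }
}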
第三步,建立其它Servlet,继承BasicServlet
/**
 * Front-page servlet: {@code index} shows the main page and {@code login} shows the
 * login form. Access checks are inherited from {@link BasicServlet}.
 */
@WebServlet("/Index")
public class IndexServlet extends BasicServlet {

    /**
     * Login form. Marked {@link AllowAnonymous} because the user is, by definition,
     * not logged in yet when requesting it.
     */
    @AllowAnonymous
    public void login(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        forwardTo("/WEB-INF/login.jsp", req, resp);
    }

    /** Main page; requires a logged-in user (no {@link AllowAnonymous}). */
    public void index(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        forwardTo("/WEB-INF/index.jsp", req, resp);
    }

    /** Forwards the request to a JSP view under {@code /WEB-INF}. */
    private static void forwardTo(String view, HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.getRequestDispatcher(view).forward(req, resp);
    }
}
/** Role-management actions; each handler declares the permission it requires. */
public class RoleServlet extends BasicServlet {

    /**
     * Lists the roles that have not been deleted.
     *
     * <p>Requires the {@code Role.Query} permission; the check is performed by
     * {@link BasicServlet} before this method runs. A forward failure is reported
     * through {@code AdminUtils.showError} with a generic message.
     */
    @HasPermission("Role.Query")
    public void list(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            RoleDTO[] activeRoles = new RoleService().getAllNotDeleted();
            request.setAttribute("roles", activeRoles);
            request.getRequestDispatcher("/WEB-INF/role/roleList.jsp").forward(request, response);
        } catch (ServletException | IOException e) {
            AdminUtils.showError(request, response, "Service Error");
        }
    }
}