SpringAOP实现的用户权限管理【修改了别人的代码，感谢原作者！】

两种不不同的用户:User和Administrator

User类：

package com.jhalo.jsecurity.aop;
import java.util.List;
public class User {
public List privilages = new java.util.ArrayList();
public String name;
public User(){
name="alphaclick tester ";
privilages.add("com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo");
privilages.add("com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod1");
//	        privilages.add("com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod2");
privilages.add("com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod3");
}

public String getName(){
return name;
}

public boolean isPermission(String pri){
java.util.Iterator it = privilages.iterator();
String p = "";
boolean pass=false;
while(it.hasNext()){
p=(String)it.next();
System.out.println(p);
if(p.equals(pri)){
pass = true;
break;
}
}
return pass;
}
}

Administrator类：

package com.jhalo.jsecurity.aop;
import java.util.List;
public class Administrator extends User{
public Administrator(){
name="alphaclick Administrator ";
privilages.add("com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo");
privilages.add("com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod1");
privilages.add("com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod2");
privilages.add("com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod3");
}
}

ResourceBean接口：

public interface ResourceBean {
public void theMethod();
public String getMethod1(User user)throws PermissionDeniedException;
public String getMethod2(User user)throws PermissionDeniedException;
public String getMethod3(User user)throws PermissionDeniedException;
}

ResourceBeanImpl类：

package com.jhalo.jsecurity.aop;
public class ResourceBeanImpl implements ResourceBean{
/**//* (non-Javadoc)
* @see com.jhalo.jsecurity.aop.ResourceBean#theMethod()
*/
public void theMethod(){
System.out.println(this.getClass().getName()
+ "." + new Exception().getStackTrace()[0].getMethodName()
+ "()"
+ " theMethod!");
}

/**//* (non-Javadoc)
* @see com.jhalo.jsecurity.aop.ResourceBean#getMethod1()
*/
public String getMethod1(User user) throws PermissionDeniedException{
return "[张三 Method1 ]";
}
/**//* (non-Javadoc)
* @see com.jhalo.jsecurity.aop.ResourceBean#getMethod2()
*/
public String getMethod2(User user) throws PermissionDeniedException{
return "[李四 Method2 ]";
}
/**//* (non-Javadoc)
* @see com.jhalo.jsecurity.aop.ResourceBean#getMethod3()
*/
public String getMethod3(User user) throws PermissionDeniedException{
return "[王五 Method3 ]";
}
}

Service接口：

package com.jhalo.jsecurity.aop;
public interface Service {
public String getBeanInfo(User user) throws PermissionDeniedException;
}

ServiceBean类：

package com.jhalo.jsecurity.aop;
public class ServiceBean implements Service{
/***/
ResourceBean bean;

/**
*
* @param bean
*/
public void setBean(ResourceBean bean) {
this.bean = bean;
}

/**
*
*/
public String getBeanInfo(User user){
String result="";
try{
//调用method1
result+= bean.getMethod1(user);
}catch(PermissionDeniedException pde){
result+="PermissionDeniedException:Method1";
}

try{
//调用method2
result+= bean.getMethod2(user);
}catch(PermissionDeniedException pde){
result+="PermissionDeniedException:Method2";
}

try{
//调用method3
result+= bean.getMethod3(user);
}catch(PermissionDeniedException pde){
result+="PermissionDeniedException:Method3";
}
return result;
}
}

PermissionCheckAdvice（AOP实现的核心）

public class PermissionCheckAdvice implements MethodBeforeAdvice {
public void before(Method m, Object[] args, Object target) throws Throwable {
String privilege=target.getClass().getName()+"." +m.getName();
//新建用户
//		 User user = new User();
System.out.println("打印参数开始=======================");
User user=(User) args[0];
System.out.println(user.getName());
System.out.println("打印参数结束=======================");
if (!user.isPermission(privilege)) {
throw new PermissionDeniedException(user, privilege);
}
System.out.println("by " + this.getClass().getName()+"::"
+ "Target:"+target.getClass().getName()+"." +"Method:"+m.getName() +")");
}
}

PermissionDeniedException类：

package com.jhalo.jsecurity.aop;
public class PermissionDeniedException extends Exception {

/**
*
*/
public PermissionDeniedException(){
super();
}
/**
*
* @param user
* @param pri
*/
public PermissionDeniedException(User user,String pri){
super("User:"+user+"don't have the Permission to Operate:"+pri);
}
}

PermissionThrowsAdvice类：

package com.jhalo.jsecurity.aop;
import java.lang.reflect.Method;
import org.springframework.aop.ThrowsAdvice;
public class PermissionThrowsAdvice implements ThrowsAdvice{
public void afterThrowing(Method method, Object[] args, Object target,
Throwable subclass) {
System.out.println("Logging that a " + subclass
+ "Exception was thrown.");
}
}

SpringAopTest测试类：

package com.jhalo.jsecurity.aop;
import java.util.Iterator;
import java.util.List;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.FileSystemXmlApplicationContext;
public class SpringAopTest {
public static void main(String[] args) {
//Read the configuration file
ApplicationContext ctx
= new FileSystemXmlApplicationContext("src/applicationContext.xml");
//Instantiate an object
//ResourceBean x = (ResourceBean) ctx.getBean("bean");
//Execute the public method of the bean (the test)
//1
//x.theMethod();
//2
String name = "";
/**//*
name = x.getMethod1();
System.out.println("test result::" +name);
name = x.getMethod2();
System.out.println("test result::" +name);
name = x.getMethod3();
System.out.println("test result::" +name);*/
User user=new User();
//3

Service sb = (Service)ctx.getBean("service");
try{
name = sb.getBeanInfo(user);
}catch(PermissionDeniedException pde){}
System.out.println("User Test results::" +name);
//
User admin=new Administrator();
try{
name = sb.getBeanInfo(admin);
}catch(PermissionDeniedException pde){}
System.out.println("Administrator Test results::" +name);
}
}

applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd"> <bean id="bean" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces">
<value>com.jhalo.jsecurity.aop.ResourceBean</value>
</property>
<property name="target">
<ref local="beanTarget"/>
</property>
<property name="interceptorNames">
<list>
<value>permissionCheckBeforeAdvisor</value>
<value>permissionThrowAdvisor</value>
</list>
</property>
</bean>

<bean id="service" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces">
<value>com.jhalo.jsecurity.aop.Service</value>
</property>
<property name="target">
<ref local="serviceBean"/>
</property>
</bean>

<bean id="beanTarget" class="com.jhalo.jsecurity.aop.ResourceBeanImpl"></bean>

<bean id="serviceBean" class="com.jhalo.jsecurity.aop.ServiceBean">
<property name="bean">
<ref local="bean"/>
</property>
</bean>

<bean id="permissionCheckBeforeAdvisor" class="org.springframework.aop.support.RegexpMethodPointcutAdvisor">
<property name="advice">
<ref local="thePermissionCheckBeforeAdvice"/>
</property>
<property name="pattern">
<value>.*</value>
</property>
</bean>

<bean id="permissionThrowAdvisor" class="org.springframework.aop.support.RegexpMethodPointcutAdvisor">
<property name="advice">
<ref local="thePermissionThrowsAdvice"/>
</property>
<property name="pattern">
<value>.*</value>
</property>
</bean>

<bean id="thePermissionCheckBeforeAdvice" class="com.jhalo.jsecurity.aop.PermissionCheckAdvice"></bean>
<bean id="thePermissionThrowsAdvice" class="com.jhalo.jsecurity.aop.PermissionThrowsAdvice"></bean>
</beans>

代码虽然简单，但是基本实现了为不同的用户赋予不同的权限的功能。