此權限管理系統把待訪問的業務層方法做為權限管理中的資源,通過spring aop 對接口方法進行攔截,來實現權限的管理,可以實現細粒度的權限控制。
初步采用捕獲權限否決異常實現。代碼如下:
資源接口:
public interface ResourceBean 
{
public void theMethod();
public String getMethod1()throws PermissionDeniedException;
public String getMethod2()throws PermissionDeniedException;
public String getMethod3()throws PermissionDeniedException;
} 資源實現類
public class ResourceBeanImpl implements ResourceBean {
/**//* (non-Javadoc)
* @see com.jhalo.jsecurity.aop.ResourceBean#theMethod()
*/
public void theMethod(){
System.out.println(this.getClass().getName()
+ "." + new Exception().getStackTrace()[0].getMethodName()
+ "()"
+ " says HELLO!");
}
/**//* (non-Javadoc)
* @see com.jhalo.jsecurity.aop.ResourceBean#getMethod1()
*/
public String getMethod1() throws PermissionDeniedException{
return "張三";
}
/**//* (non-Javadoc)
* @see com.jhalo.jsecurity.aop.ResourceBean#getMethod2()
*/
public String getMethod2() throws PermissionDeniedException{
return "李四";
}
/**//* (non-Javadoc)
* @see com.jhalo.jsecurity.aop.ResourceBean#getMethod3()
*/
public String getMethod3() throws PermissionDeniedException{
return "王五";
}
} 服務層接口:
public interface Service {
public String getBeanInfo() throws PermissionDeniedException;
} 服務層接口實現類:
public class ServiceBean implements Service {
ResourceBean bean;
/**//**
* @param b The b to set.
*/
public void setBean(ResourceBean bean) {
this.bean = bean;
}
public String getBeanInfo(){
String result="";
try{
result+= bean.getMethod1();
}catch(PermissionDeniedException pde){
result+="";
}
try{
result+= bean.getMethod2();
}catch(PermissionDeniedException pde){
result+="";
}
try{
result+= bean.getMethod3();
}catch(PermissionDeniedException pde){
result+="";
}
return result;
}
} 用戶權限類:
public class User {
List privilages = new java.util.ArrayList();
String name;
public User(){
name="tester";
privilages.add("com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo");
privilages.add("com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod1");
// privilages.add("com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod2");
privilages.add("com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod3");
}
public String getName(){
return name;
}
public boolean isPermission(String pri){
java.util.Iterator it = privilages.iterator();
String p = "";
boolean pass=false;
while(it.hasNext()){
p=(String)it.next();
System.out.println(p);
if(p.equals(pri)){
pass = true;
break;
}
}
return pass;
}
} 權限驗證aspect
public class PermissionCheckAdvice implements MethodBeforeAdvice {
/**//* (non-Javadoc)
* @see org.springframework.aop.MethodBeforeAdvice#before(java.lang.reflect.Method, java.lang.Object[], java.lang.Object)
*/
public void before(Method m, Object[] args, Object target)
throws Throwable {
String privilege=target.getClass().getName()+"." +m.getName();
User user = new User();
if (!user.isPermission(privilege)) {
throw new PermissionDeniedException(user, privilege);
}
System.out.println("Hello world! (by " + this.getClass().getName()+"::"
+ target.getClass().getName()+"." +m.getName() +")");
}
} 權限驗證異常:
public class PermissionDeniedException extends Exception{
public PermissionDeniedException(){
super();
}
public PermissionDeniedException(User user,String pri){
super();
}
} 異常處理Advice
public class PermissionThrowsAdvice implements ThrowsAdvice{
public void afterThrowing(Method method, Object[] args, Object target,
Throwable subclass) {
System.out.println("Logging that a " + subclass
+ "Exception was thrown.");
}
} spring 配置文件:
xml version="1.0" encoding="UTF-8"?>
DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="bean" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces">
<value>com.jhalo.jsecurity.aop.ResourceBeanvalue>
property>
<property name="target">
<ref local="beanTarget"/>
property>
<property name="interceptorNames">
<list>
<value>permissionCheckBeforeAdvisorvalue>
<value>permissionThrowsAdvisorvalue>
list>
property>
bean>
<bean id="service" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces">
<value>com.jhalo.jsecurity.aop.Servicevalue>
property>
<property name="target">
<ref local="serviceBean"/>
property>
<property name="interceptorNames">
<list>
<value>permissionCheckBeforeAdvisorvalue>
<value>permissionThrowsAdvisorvalue>
list>
property>
bean>
<bean id="beanTarget" class="com.jhalo.jsecurity.aop.ResourceBeanImpl"/>
<bean id="serviceBean" class="com.jhalo.jsecurity.aop.ServiceBean">
<property name="bean">
<ref local="bean"/>
property>
bean>
<bean id="permissionCheckBeforeAdvisor" class="org.springframework.aop.support.RegexpMethodPointcutAdvisor">
<property name="advice">
<ref local="thePermissionCheckBeforeAdvice"/>
property>
<property name="pattern">
<value>.*value>
property>
bean>
<bean id="permissionThrowsAdvisor" class="org.springframework.aop.support.RegexpMethodPointcutAdvisor">
<property name="advice">
<ref local="thePermissionThrowsAdvice"/>
property>
<property name="pattern">
<value>.*value>
property>
bean>
<bean id="thePermissionCheckBeforeAdvice" class="com.jhalo.jsecurity.aop.PermissionCheckAdvice"/>
<bean id="thePermissionThrowsAdvice" class="com.jhalo.jsecurity.aop.PermissionThrowsAdvice"/>
beans> 簡單測試:
public class SpringAopTest {
public static void main(String[] args) {
//Read the configuration file
ApplicationContext ctx
= new FileSystemXmlApplicationContext("springconfig.xml");
//Instantiate an object
//ResourceBean x = (ResourceBean) ctx.getBean("bean");
//Execute the public method of the bean (the test)
//1
//x.theMethod();
//2
String name = "";
/**//*
name = x.getMethod1();
System.out.println("test result::" +name);
name = x.getMethod2();
System.out.println("test result::" +name);
name = x.getMethod3();
System.out.println("test result::" +name);*/
//3
Service sb = (Service)ctx.getBean("service");
try{
name = sb.getBeanInfo();
}catch(PermissionDeniedException pde){}
System.out.println("test result::" +name);
}
} 下面是用戶在沒有調用方法2的權限時的運行結果:
(support.DefaultListableBeanFactory 221 ) Pre-instantiating singletons in factory [org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [bean,service,beanTarget,serviceBean,permissionCheckBeforeAdvisor,permissionThrowsAdvisor,thePermissionCheckBeforeAdvice,thePermissionThrowsAdvice]; root of BeanFactory hierarchy]
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'bean'
(core.CollectionFactory 55 ) Using JDK 1.4 collections
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'beanTarget'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'permissionCheckBeforeAdvisor'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'thePermissionCheckBeforeAdvice'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'permissionThrowsAdvisor'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'thePermissionThrowsAdvice'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'service'
(support.DefaultListableBeanFactory 236 ) Creating shared instance of singleton bean 'serviceBean'
(adapter.ThrowsAdviceInterceptor 72 ) Found exception handler method [public void com.jhalo.jsecurity.aop.PermissionThrowsAdvice.afterThrowing(java.lang.reflect.Method,java.lang.Object[],java.lang.Object,java.lang.Throwable)]
com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo
Hello world! (by com.jhalo.jsecurity.aop.PermissionCheckAdvice::com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo)
(adapter.ThrowsAdviceInterceptor 72 ) Found exception handler method [public void com.jhalo.jsecurity.aop.PermissionThrowsAdvice.afterThrowing(java.lang.reflect.Method,java.lang.Object[],java.lang.Object,java.lang.Throwable)]
com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo
com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod1
Hello world! (by com.jhalo.jsecurity.aop.PermissionCheckAdvice::com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod1)
(adapter.ThrowsAdviceInterceptor 72 ) Found exception handler method [public void com.jhalo.jsecurity.aop.PermissionThrowsAdvice.afterThrowing(java.lang.reflect.Method,java.lang.Object[],java.lang.Object,java.lang.Throwable)]
com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo
com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod1
com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod3
(adapter.ThrowsAdviceInterceptor 72 ) Found exception handler method [public void com.jhalo.jsecurity.aop.PermissionThrowsAdvice.afterThrowing(java.lang.reflect.Method,java.lang.Object[],java.lang.Object,java.lang.Throwable)]
com.jhalo.jsecurity.aop.ServiceBean.getBeanInfo
com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod1
com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod3
Hello world! (by com.jhalo.jsecurity.aop.PermissionCheckAdvice::com.jhalo.jsecurity.aop.ResourceBeanImpl.getMethod3)
test result::張三王五 方向:分布式系統設計