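For a project, I am trying to implement my own @Secured(security level) annotation, which should check the user's security level and validate the method based on whether the user has "clearance". I tried to build it, but for some reason the code of my aspect does not seem to trigger. No errors are given in the logs either. I could not find the right solution to the problem on Stackoverflow.
I could use Spring Security, but due to the nature of the project, customizing it would take much more effort than just using my own custom annotation. I am using this in a spring-mvc configuration.
The relevant code is: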

    public enum SecurityRole {
        ROLE_USER, ROLE_ADMIN
    }

    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    public @interface Secured {
        SecurityRole value();
    }

    @Controller
    public class HomeController {
        @Autowired
        private UserService userService;

        @RequestMapping("/")
        @Secured
        public String listContacts(Map<String, Object> map, HttpSession session) {
            if (session.isNew())
                session.setAttribute("test", 123);
            session.setAttribute("test", (Integer) session.getAttribute("test") + 1);
            System.out.println(session.getAttribute("test"));
            map.put("user", new User());
            map.put("userList", userService.listUser());
            return "user";
        }
    }

    @Aspect
    public class SecurityAspect {
        @Pointcut(value = "execution(public * *(..))")
        public void anyPublicMethod() {
        }

        @Around("anyPublicMethod() && @annotation(securityRole)")
        public Object secure(ProceedingJoinPoint pjp, Secured securityRole)
                throws Throwable {
            System.out.println("called secured!");
            System.out.println(securityRole.value());
            return pjp.proceed();
        }
    }

(in root-context.xml)

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
        xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
        xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang"
        xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
        xmlns:util="http://www.springframework.org/schema/util"
        xsi:schemaLocation="http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
            http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
            http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
            http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
            http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
            http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/aop
            http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
        <!-- Root Context: defines shared resources visible to all other web components -->
        <aop:aspectj-autoproxy />
        <bean id="securityMonitor" class="com.blafoo.usersystem.aspects.SecurityAspect" />
    </beans>

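Answer 0 (score: 2)
The declaration <aop:aspectj-autoproxy /> only applies to beans defined in the same context. In root-context.xml you have defined only one bean, securityMonitor. Hence the @Controller beans (probably declared in the servlet context) are not advised.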
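
A startup check for the failure described in the answer, added here as an example and not part of the original question or answer: an unadvised @Secured method runs with no check and no error, so this listener makes the context fail to start instead. `SecuredProxyGuard` is a hypothetical name; the code assumes it is compiled in the same package as the page's `Secured` annotation and registered as a bean in the context that defines the controllers, alongside `<aop:aspectj-autoproxy />` and the aspect bean.

```java
// Assumption: add the package declaration of the page's Secured annotation here
// (its package is not shown on the page). SecuredProxyGuard is a hypothetical name.
import java.lang.reflect.Method;
import java.util.Map;

import org.springframework.aop.support.AopUtils;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.stereotype.Controller;

/**
 * Refuses to start the context when a @Controller bean declares @Secured
 * methods but is not wrapped in an AOP proxy, which means no aspect can
 * intercept its methods and the security check would be skipped silently.
 */
public class SecuredProxyGuard implements ApplicationListener<ContextRefreshedEvent> {

    @Override
    public void onApplicationEvent(ContextRefreshedEvent event) {
        ApplicationContext ctx = event.getApplicationContext();
        // getBeansWithAnnotation looks only at beans of this context, not its
        // parent, which mirrors the per-context scope of aspectj-autoproxy.
        Map<String, Object> controllers = ctx.getBeansWithAnnotation(Controller.class);
        for (Map.Entry<String, Object> entry : controllers.entrySet()) {
            Object bean = entry.getValue();
            Class<?> target = AopUtils.getTargetClass(bean);
            if (declaresSecuredMethod(target) && !AopUtils.isAopProxy(bean)) {
                throw new IllegalStateException("Controller bean '" + entry.getKey()
                        + "' (" + target.getName() + ") has @Secured methods but is not"
                        + " proxied; declare aspectj-autoproxy and the aspect bean in"
                        + " the context that defines this controller");
            }
        }
    }

    /** True if any public method of the class carries the page's @Secured annotation. */
    private static boolean declaresSecuredMethod(Class<?> type) {
        for (Method method : type.getMethods()) {
            if (method.isAnnotationPresent(Secured.class)) {
                return true;
            }
        }
        return false;
    }
}
```

A proxy only shows that some advice applies to the bean, so this catches the missing-autoproxy case from the question but does not prove that SecurityAspect itself matched.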