Java Code Examples for org.springframework.web.bind.annotation.RequestMethod#toString()

The following examples show how to use org.springframework.web.bind.annotation.RequestMethod#toString().
Example 1
Source File: RoleResourceAspect.java    From disconf with Apache License 2.0
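/**
 * Decides whether the current session visitor may invoke the intercepted handler method.
 *
 * <p>The protected resource is identified by the first path of the class-level
 * {@code @RequestMapping} joined with the first path of the method-level one (normalised to end
 * with {@code RoleResourceConstant.URL_SPLITOR}), plus the first HTTP method declared on the
 * handler, falling back to GET when none is declared. URLs found in {@code noAuthCheckUrl}
 * skip the role check entirely.
 *
 * @param pjp            the intercepted join point (the handler method invocation)
 * @param requestMapping the {@code @RequestMapping} annotation present on the handler method
 *
 * @return whatever the intercepted method returns
 *
 * @throws AccessDeniedException if the controller class declares no mapping URL, if there is no
 *                               session visitor, or if the visitor's role may not access the
 *                               URL/method pair
 * @throws Throwable             anything thrown by the intercepted method, rethrown unchanged
 */
@Around("anyPublicMethod() && @annotation(requestMapping) && !@annotation(com.baidu.dsp.common.annotation.NoAuth)")
public Object decideAccess(ProceedingJoinPoint pjp, RequestMapping requestMapping) throws Throwable {

    // URL declared on the method; empty string when the annotation carries no value.
    // NOTE(review): only the first declared path is considered. A handler mapped to several
    // paths is authorised as if it were reachable through the first one only; confirm that no
    // controller relies on multiple values.
    String[] values = requestMapping.value();
    String methodUrl = values.length != 0 ? values[0] : "";

    // URL prefix declared on the controller class. The original dereferenced the annotation and
    // its first value unconditionally, so a controller without a class-level mapping URL ended
    // in a NullPointerException / ArrayIndexOutOfBoundsException inside the authorization
    // aspect. Deny explicitly instead, so the failure is a clear, logged authorization decision.
    RequestMapping clsMapping = pjp.getTarget().getClass().getAnnotation(RequestMapping.class);
    if (clsMapping == null || clsMapping.value().length == 0) {
        LOG.warn("No class-level RequestMapping url, access denied: " + methodUrl);
        throw new AccessDeniedException("No class-level RequestMapping url! " + methodUrl);
    }
    String clsUrl = clsMapping.value()[0];

    // Join the class-level and method-level URLs with exactly one separator between them.
    if (!clsUrl.endsWith(RoleResourceConstant.URL_SPLITOR) &&
            !methodUrl.startsWith(RoleResourceConstant.URL_SPLITOR)) {
        clsUrl += RoleResourceConstant.URL_SPLITOR;
    }

    // The pattern used for the permission lookup always ends with the separator.
    String urlPattarn = clsUrl + methodUrl;
    if (!urlPattarn.endsWith(RoleResourceConstant.URL_SPLITOR)) {
        urlPattarn += RoleResourceConstant.URL_SPLITOR;
    }

    // NOTE(review): noAuthCheckUrl is declared outside this snippet. If it is a String rather
    // than a collection, contains() is a substring match and may exempt more URLs than
    // intended; confirm its type. Exempted URLs proceed without any visitor or role check.
    if (noAuthCheckUrl != null && noAuthCheckUrl.contains(urlPattarn)) {

        LOG.info("don't need to check this url: " + urlPattarn);
    } else {

        // HTTP method declared on the handler; GET when none is declared.
        // NOTE(review): the decision is based on the annotation, not on the actual request.
        // Only the first declared method is checked, and a handler with no declared method is
        // checked as GET; if such a handler also serves other verbs, those requests are
        // authorised with the GET permission. Consider checking the real request method.
        RequestMethod[] methods = requestMapping.method();
        RequestMethod methodType = RequestMethod.GET;
        if (methods.length != 0) {
            methodType = methods[0];
        }

        String urlInfo = urlPattarn + ", method:" + methodType.toString();

        // Resolve the visitor bound to the current thread; no visitor means no access.
        Visitor visitor = ThreadContext.getSessionVisitor();
        if (visitor == null) {
            LOG.warn("No session visitor!");
            throw new AccessDeniedException("No session visitor! " + urlInfo);
        }
        Integer roleId = visitor.getRoleId();
        String visitorInfo = ", UserId:" + visitor.getId() + ", RoleId:" + roleId;

        // Check whether the visitor's role may access this URL/method pair.
        // NOTE(review): the exception message carries the user id and role id; confirm the
        // exception handler does not echo it back to the client.
        if (!this.isMethodAccessible(urlPattarn, methodType, roleId)) {
            throw new AccessDeniedException("Access Denied: " + urlInfo + visitorInfo);
        }
        // Reaching this line means access was granted, so the flag in the log is always true.
        LOG.info("Accessing URL:" + urlInfo + visitorInfo + ", Is priviledged:true");
    }

    try {
        // Invoke the intercepted handler method.
        return pjp.proceed();
    } catch (Throwable t) {
        // Log the message only, then rethrow unchanged so upstream handling is unaffected.
        LOG.info(t.getMessage());
        throw t;
    }
}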
 
Example 2
Source File: RoleResourceAspect.java    From disconf with Apache License 2.0
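/**
 * Decides whether the current session visitor may invoke the intercepted handler method.
 *
 * <p>The protected resource is identified by the first path of the class-level
 * {@code @RequestMapping} joined with the first path of the method-level one (normalised to end
 * with {@code RoleResourceConstant.URL_SPLITOR}), plus the first HTTP method declared on the
 * handler, falling back to GET when none is declared. URLs found in {@code noAuthCheckUrl}
 * skip the role check entirely.
 *
 * @param pjp            the intercepted join point (the handler method invocation)
 * @param requestMapping the {@code @RequestMapping} annotation present on the handler method
 *
 * @return whatever the intercepted method returns
 *
 * @throws AccessDeniedException if the controller class declares no mapping URL, if there is no
 *                               session visitor, or if the visitor's role may not access the
 *                               URL/method pair
 * @throws Throwable             anything thrown by the intercepted method, rethrown unchanged
 */
@Around("anyPublicMethod() && @annotation(requestMapping) && !@annotation(com.baidu.dsp.common.annotation.NoAuth)")
public Object decideAccess(ProceedingJoinPoint pjp, RequestMapping requestMapping) throws Throwable {

    // URL declared on the method; empty string when the annotation carries no value.
    // NOTE(review): only the first declared path is considered. A handler mapped to several
    // paths is authorised as if it were reachable through the first one only; confirm that no
    // controller relies on multiple values.
    String[] values = requestMapping.value();
    String methodUrl = values.length != 0 ? values[0] : "";

    // URL prefix declared on the controller class. The original dereferenced the annotation and
    // its first value unconditionally, so a controller without a class-level mapping URL ended
    // in a NullPointerException / ArrayIndexOutOfBoundsException inside the authorization
    // aspect. Deny explicitly instead, so the failure is a clear, logged authorization decision.
    RequestMapping clsMapping = pjp.getTarget().getClass().getAnnotation(RequestMapping.class);
    if (clsMapping == null || clsMapping.value().length == 0) {
        LOG.warn("No class-level RequestMapping url, access denied: " + methodUrl);
        throw new AccessDeniedException("No class-level RequestMapping url! " + methodUrl);
    }
    String clsUrl = clsMapping.value()[0];

    // Join the class-level and method-level URLs with exactly one separator between them.
    if (!clsUrl.endsWith(RoleResourceConstant.URL_SPLITOR) &&
            !methodUrl.startsWith(RoleResourceConstant.URL_SPLITOR)) {
        clsUrl += RoleResourceConstant.URL_SPLITOR;
    }

    // The pattern used for the permission lookup always ends with the separator.
    String urlPattarn = clsUrl + methodUrl;
    if (!urlPattarn.endsWith(RoleResourceConstant.URL_SPLITOR)) {
        urlPattarn += RoleResourceConstant.URL_SPLITOR;
    }

    // NOTE(review): noAuthCheckUrl is declared outside this snippet. If it is a String rather
    // than a collection, contains() is a substring match and may exempt more URLs than
    // intended; confirm its type. Exempted URLs proceed without any visitor or role check.
    if (noAuthCheckUrl != null && noAuthCheckUrl.contains(urlPattarn)) {

        LOG.info("don't need to check this url: " + urlPattarn);
    } else {

        // HTTP method declared on the handler; GET when none is declared.
        // NOTE(review): the decision is based on the annotation, not on the actual request.
        // Only the first declared method is checked, and a handler with no declared method is
        // checked as GET; if such a handler also serves other verbs, those requests are
        // authorised with the GET permission. Consider checking the real request method.
        RequestMethod[] methods = requestMapping.method();
        RequestMethod methodType = RequestMethod.GET;
        if (methods.length != 0) {
            methodType = methods[0];
        }

        String urlInfo = urlPattarn + ", method:" + methodType.toString();

        // Resolve the visitor bound to the current thread; no visitor means no access.
        Visitor visitor = ThreadContext.getSessionVisitor();
        if (visitor == null) {
            LOG.warn("No session visitor!");
            throw new AccessDeniedException("No session visitor! " + urlInfo);
        }
        Integer roleId = visitor.getRoleId();
        String visitorInfo = ", UserId:" + visitor.getId() + ", RoleId:" + roleId;

        // Check whether the visitor's role may access this URL/method pair.
        // NOTE(review): the exception message carries the user id and role id; confirm the
        // exception handler does not echo it back to the client.
        if (!this.isMethodAccessible(urlPattarn, methodType, roleId)) {
            throw new AccessDeniedException("Access Denied: " + urlInfo + visitorInfo);
        }
        // Reaching this line means access was granted, so the flag in the log is always true.
        LOG.info("Accessing URL:" + urlInfo + visitorInfo + ", Is priviledged:true");
    }

    try {
        // Invoke the intercepted handler method.
        return pjp.proceed();
    } catch (Throwable t) {
        // Log the message only, then rethrow unchanged so upstream handling is unaffected.
        LOG.info(t.getMessage());
        throw t;
    }
}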