Spring AOP permission Verification method based on annotation interception

In the Web development process, a very good development process is that developers do not need to be concerned about permissions in development, there is no need to write a lot of logic in Java methods to determine whether the user has the right role and permissions, so development will cost a lot of human costs, because all developers need to understand Details about the permissions are also very difficult to post maintenance. We want to have a very small number of developers who understand the content of permissions and can easily modify and configure them at any time. As a result, we use Annotation to add, modify, and remove administrative functions for permissions before Java methods can be used Annotation.

This article describes a typical application case for permission validation issues that are frequently encountered during the development process, as described below: The system requires that only logged-in users can order. With this simple example, we'll see how to complete the entire system's permissions control.

The development environment for this article is as follows:

Struts2

Spring 3.0

JDK1.6

AspectJ 6.9

This article will be divided into the following chapters, detailing the proposed permissions validation methods:

Basic concepts of AOP

Permission Validation System Architecture detailed explanation

Basic concepts of AOP

AOP is the abbreviation of Aspect oriented programming, meaning aspect-oriented programming. We can extract a lot of common things in the system development as a Aspect, can be understood as in the system, we need many times to repeat the implementation of the function. For example, calculate how many milliseconds a method has run, determine whether the user has access rights, the user is logged in, transaction processing of data, logging, and so on.

In general, we describe a story about what happens when and where, and that join point means, the place where it happened, Advice is what happened, Aspect is the whole of the story, including Join Point and Advice. PointCut a regular summary of the site, such as using regular expressions (com.example.service.*, all the methods below the service pack), to describe where all Advice occurred.

The reader should now have a general idea of the basic concepts of AOP, and here's a few more details:

Join point: Represents the explicitly defined execution points in a program, which can itself nest other join points, including method calls, access to class members, and execution of exception handler blocks.

PointCut: Represents a set of join point, which are either grouped by logical relationships or assembled by means of a wildcard, regular expression, and define where the corresponding Advice will occur.

Advice:advice defines the action to be done within the PointCut defined in the before, which distinguishes between each Join point before, after, or in lieu of executing code.

Implementation of Spring AOP permission verification method based on Annotation

Spring AOP currently supports only the method based join Points and does not support fileds join Points, and can also use AspectJ to implement fields based AOP, which does not destroy Spring's core API 。 Spring AOP is more inclined to work with the spring IoC to solve more common problems in enterprise-class systems.

In this specific example, we have implemented such a scenario, when the user placed an order, the first to determine whether the user has logged in, if the user does not log on, the system will go to the login page, require users to log in.

1. Configure ApplicationContext

The configuration that supports AOP in spring is very simple, just add in the spring configuration file Applicationcontext.xml:

<aop:aspectj-autoproxy/>

Also configured in the Applicationcontext.xml schema:

Listing 1

<beans xmlns= "Http://www.springframework.org/schema/beans"
xmlns:xsi= "http://www.w3.org/2001/ Xmlschema-instance "
xmlns:p=" http://www.springframework.org/schema/p "
xmlns:aop=" http:// WWW.SPRINGFRAMEWORK.ORG/SCHEMA/AOP "
xmlns:context=" Http://www.springframework.org/schema/context
" xmlns:tx= "Http://www.springframework.org/schema/tx"
xmlns:cache= "http://www.springframework.org/schema/ Cache "
xsi:schemalocation="
  Http://www.springframework.org/schema/beans 
  http:// Www.springframework.org/schema/beans/spring-beans.xsd 
  Http://www.springframework.org/schema/cache 
  Http://www.springframework.org/schema/cache/spring-cache.xsd 
  Http://www.springframework.org/schema/tx 
  http://www.springframework.org/schema/tx/spring-tx-3.0.xsd 
  http://www.springframework.org/schema/ AOP 
  http://www.springframework.org/schema/aop/spring-aop-3.1.xsd ">

At the time of configuration, we need to place the referenced jar package under the Web-inf/lib directory:

The required Jar pack has

After you configure these, Spring AOP can start working.