The true implementation of Spring AOP interception in the SSH Integration Framework

The question is presented as follows:

Under the STRUTS1 framework, there are three types of action controllers, namely, Mappingdispatchaction, dispatchaction, and action, which are inherited in turn, and execute the Execute method eventually. However, there is no Execute method in subclasses of Mappingdispatchaction, Dispatchaction, only specific methods specified by parameters, and these methods are mappingdispatchaction, Dispatchaction the Execute method invocation of this class, with particular attention being done through reflection mechanisms (you can look at the source code for the Dispatchaction class), so these reflection-invoked methods are not blocked by spring AOP, Therefore, it is not possible to use the slice programming to achieve permission control.

Workaround:

The BA-BA movement network is an ideal solution by covering the Delegatingrequestprocessor controller's Processactionperform method, but it is not strictly an AOP slicing programming method. Therefore, the author only from the point of view of learning AOP programming angle to present this article, for the practicality of the author strongly recommend the Palestinian Movement Network program.

This method solves the idea:

1. Overwrite Execute method, then imitate dispatchaction reflection to call concrete method;

2. Implement the spring AOP intercept point and start intercepting the program within the scope of the configuration description;

3. Realize the reflection mechanism again in the Pointcut program, obtain the permission configuration information on the execution method;

4. Decide whether to release or return according to the authority information.

Ultimately, you can intercept either the Execute method or the permission annotation configuration information in the specific method. Take this BBS system as an example:

The first step: all classes that inherit from Dispatchaction override the Execute method:

　　@Override
public ActionForward execute(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response) throws Exception {
return super.execute(mapping, form, request, response);
}
//假如这个action中有一个具体的方法：
@Privilege(userType=PrivilegeType.Admin,message="需管理员权限!")
public ActionForward addUI(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response) throws Exception {
CategoryForm categoryForm = (CategoryForm)form;
categoryForm.setTitle("新增分类");
return mapping.findForward("addUI");
}

Step two: Do your own permission configuration:

Look at the annotations on the Addui method above should be able to understand these configurations

　　@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface Privilege {
String message() default "您没有权限执行该操作，请登录后重试！";
PrivilegeType userType();
}