Java custom annotations and runtime reflection get annotations to solve Shiro annotation-type permission factor acquisition problems

The project's permission assignment, adopts the RBAC design pattern. When you configure permissions in the background, you need to get all the permission factors.

Without reminding me of the Srbac module of the YII framework, there is a previous Ecshop transformation of the system's permission configuration, all using the reflection mechanism of PHP.

So the experience of the PHP project to the Java project, found that PHP experience in Java, the implementation is not so convenient.

The main reasons for this are:
The first is that the linguistic characteristics lead to the difference of permission control.

The second is that the project uses the SSH framework, and the action name has already replaced the original name with the annotation. The combination of class name and method name obtained using reflection is not a valid permission factor (of course, workaround or reflection).

The third is the use of Apache Shiro permission control, automatic annotation type, judgment is based on the value of the annotation to judge. The PHP project that has been handled is the one that controls permissions without prior binding permission annotations (language feature differences, frame design pattern differences).

The question is, how do you get permission annotations on every method?

The code is as follows:

 /*** Find all permission factors * *@authorPhpdragon * @date 2014-12-24 pm 9:53:49 *@paramargs *@throwsException * @description: *@returnvoid *@throws     */     PublicMap<string, string>findallrequirespermissions () {String PackagePath=Servletactioncontext.getservletcontext (). Getrealpath ("/"); PackagePath+ = "/web-inf/classes/com/xxx/action/backmanage"; String PackageName= "Com.xxx.action.manage"; List<Class<?>> classes =NewArraylist<class<?>>(); Map<string, string> result =NewHashmap<string, string>(); Try{Classes=Findallclass (PackageName, PackagePath);  for(class<?>clas:classes) {method[] Methods=Clas.getmethods ();  for(Method method:methods) {if(Method.isannotationpresent (requirespermissions.class) ) {string[] Annotation_value=method.getannotation (requirespermissions.class). value ();  for(String val:annotation_value) {Result.put (Val, Val); }                    }                }            }        } Catch(Exception e) {e.printstacktrace (); }        returnresult; }    /*** Query all class files under a directory * *@authorPhpdragon * @date 2014-12-24 pm 9:56:33 *@paramPackageName *@paramPackagePath *@return* @description: *@returnlist<class<?>> *@throws     */    PrivateList<class<?>>Findallclass (String packagename, String packagepath) {List<Class<?>> classes =NewArraylist<class<?>>(); Try {            //Gets the directory for this package to create a fileFile dir =NewFile (PackagePath); //If it does not exist or is not a directory, return directly            if(!dir.exists () | | |dir.isdirectory ()) {                returnclasses; }            //if it exists, get all files under the package including directoryfile[] Dirfiles =Dir.listfiles (); //Loop All Files             for(File file:dirfiles) {//continue scanning if it is a directory                if(File.isdirectory ()) {}Else {                    //If the Java class file is removed, the following. Class only leaves the class namestring[] tmp = File.getname (). split ("\ \"); String File_type= Tmp[tmp.length-1].tolowercase (); String ClassName= File.getname (). substring (0, File.getname (). Length ()-File_type.length ()-1); Try {                        //add to the collectionClasses.add (Class forname (PackageName+ '. ' +className)); } Catch(Exception e) {e.printstacktrace (); }                }            }        } Catch(Exception e) {e.printstacktrace (); }        returnclasses; }

OK, now you can get the effective permission factor, you can continue the following permissions assignment work.

Conclusion:
1. Permissions configuration in the current development environment compared to the processed PHP project, the permission factor needs to be manually configured and written dead on the configuration file or code annotations. The same functionality, Java projects are relatively complex.

2. If the original SERVERLT development method is used, the permission judgment will be much simpler before invoking action and method. Of course, the use of custom filters in the SSH framework is not a problem.

3. There are many kinds of rights control methods in SSH framework, all of the above conclusions are only valid in the current development environment, if there is a way out, hope treatise.

Ps:

http://blog.csdn.net/jdzms23/article/details/17550119

Http://www.cnblogs.com/mengdd/archive/2013/02/02/2890182.html

Http://www.wl566.com/biancheng/152312.html

http://blog.csdn.net/justinavril/article/details/2873664

http://blog.csdn.net/bao19901210/article/details/17201173

http://blog.csdn.net/lfsf802/article/details/7392336

Http://zhidao.baidu.com/link?url=bfmG-TjKbnw_OIcqgcYZ5jgMsWz9nNuXcC4CJAq6R6lyNp1ifUrVfbw-aBwJ6akIC2DABoRpbMmOxfLu1gYKRq

http://cuisuqiang.iteye.com/blog/1511887

Java custom annotations and runtime reflection get annotations to solve Shiro annotation-type permission factor acquisition problems