SpringBoot使用AOP+注解实现简单的权限验证的方法

<!--aop包-->
<dependency>
  <groupid>org.springframework.boot</groupid>
  <artifactid>spring-boot-starter-aop</artifactid>
</dependency>

@target(elementtype.method)
@retention(retentionpolicy.runtime)
@documented
public @interface permission {

   string authorities() default "admin";

}

public class annotationparse {
  /***
   * 解析权限注解
   * @return 返回注解的authorities值
   * @throws exception
   */
  public static string privilegeparse(method method) throws exception {
    //获取该方法
    if(method.isannotationpresent(permission.class)){
      permission annotation = method.getannotation(permission.class);
      return annotation.authorities();
    }
    return null;
  }
}

@aspect
@component
public class controlleraspect {

  private final static logger logger = loggerfactory.getlogger(controlleraspect.class);

  @autowired
  private userservice userservice;
  /**
   * 定义切点
   */
  @pointcut("execution(public * com.wqh.blog.controller.*.*(..))")
  public void privilege(){}

  /**
   * 权限环绕通知
   * @param joinpoint
   * @throws throwable
   */
  @responsebody
  @around("privilege()")
  public object isaccessmethod(proceedingjoinpoint joinpoint) throws throwable {
    //获取访问目标方法
    methodsignature methodsignature = (methodsignature)joinpoint.getsignature();
    method targetmethod = methodsignature.getmethod();
    //得到方法的访问权限
    final string methodaccess = annotationparse.privilegeparse(targetmethod);

    //如果该方法上没有权限注解，直接调用目标方法
    if(stringutils.isblank(methodaccess)){
      return joinpoint.proceed();
    }else {
      //获取当前用户的权限,这里是自定义的发那个发
      user currentuser = userservice.getcurrentuser();
      logger.info("访问用户，{}",currentuser.tostring());
      if(currentuser == null){
        throw new loginexception(resultenum.login_error);
      }
      if(methodaccess.equals(currentuser.getrole().tostring())){
        return joinpoint.proceed();
      }else {
        throw new businessexception(resultenum.role_error);
      }
    }
  }
}