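Using Spring AOP in Spring Boot to implement API authorization lets us enforce permission checks on calls to our endpoints. Below are some common approaches:
1. Annotation-based: add a custom annotation to the endpoint method and define an aspect class that intercepts and handles the annotation. For example:
Define the annotation:

    import java.lang.annotation.ElementType;
    import java.lang.annotation.Retention;
    import java.lang.annotation.RetentionPolicy;
    import java.lang.annotation.Target;

    // Marks a method with the permission string a caller must hold.
    @Target(ElementType.METHOD)
    @Retention(RetentionPolicy.RUNTIME) // must be RUNTIME so the aspect can read it
    public @interface Auth {
        String value();
    }
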
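Define the aspect class:

    import org.aspectj.lang.JoinPoint;
    import org.aspectj.lang.annotation.Aspect;
    import org.aspectj.lang.annotation.Before;
    import org.aspectj.lang.annotation.Pointcut;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Component;

    // AuthService and UnauthorizedException are application classes not shown here.
    @Component
    @Aspect
    public class AuthAspect {

        @Autowired
        private AuthService authService;

        // Matches every method annotated with @Auth.
        @Pointcut("@annotation(com.example.Auth)")
        public void authPointcut() {}

        // Runs before the annotated method; the annotation instance is bound to "auth".
        @Before("authPointcut() && @annotation(auth)")
        public void authBefore(JoinPoint joinPoint, Auth auth) {
            String permission = auth.value();
            if (!authService.checkPermission(permission)) {
                throw new UnauthorizedException("Unauthorized access");
            }
        }
    }
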
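Add the annotation to the endpoint method:

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.PathVariable;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class UserController {

        @Autowired
        private UserService userService;

        @GetMapping("/user/{id}")
        @Auth("user:view") // the caller needs the "user:view" permission
        public User getUser(@PathVariable Long id) {
            return userService.getUser(id);
        }
    }
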
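2. Pointcut-expression-based: define a pointcut expression that intercepts and handles the specified endpoints. For example:
Define the aspect class:

    import java.lang.reflect.Method;
    import org.aspectj.lang.JoinPoint;
    import org.aspectj.lang.annotation.Aspect;
    import org.aspectj.lang.annotation.Before;
    import org.aspectj.lang.annotation.Pointcut;
    import org.aspectj.lang.reflect.MethodSignature;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Component;

    @Component
    @Aspect
    public class AuthAspect {

        @Autowired
        private AuthService authService;

        // The pointcut must match the class whose methods carry @Auth (the
        // controller below); on a class without @Auth the lookup finds nothing
        // and the check is skipped.
        @Pointcut("execution(* com.example.UserController.*(..))")
        public void userControllerPointcut() {}

        @Before("userControllerPointcut()")
        public void userControllerBefore(JoinPoint joinPoint) {
            MethodSignature signature = (MethodSignature) joinPoint.getSignature();
            Method method = signature.getMethod();
            Auth auth = method.getAnnotation(Auth.class);
            // Note: a matched method that has no @Auth is let through unchecked.
            if (auth != null && !authService.checkPermission(auth.value())) {
                throw new UnauthorizedException("Unauthorized access");
            }
        }
    }
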
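Add the annotation to the endpoint method:

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.PathVariable;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class UserController {

        @Autowired
        private UserService userService;

        @GetMapping("/user/{id}")
        @Auth("user:view") // the caller needs the "user:view" permission
        public User getUser(@PathVariable Long id) {
            return userService.getUser(id);
        }
    }
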
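These are some common ways to implement API authorization with Spring AOP in Spring Boot; which one to use depends on the specific application scenario and requirements.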
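
Added example, not from the original article: the aspect in method 2 only checks a permission when it finds `@Auth` on the intercepted method (`auth != null && ...`), so an endpoint whose annotation was forgotten is served without any check. The variant below refuses the call in that case. It assumes the article's `Auth`, `AuthService` and `UnauthorizedException` live in `com.example`; the class name `DenyByDefaultAuthAspect` and the `*Controller` pointcut convention are hypothetical.

```java
package com.example; // assumption: same package as the article's Auth annotation

import java.lang.reflect.Method;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.aop.support.AopUtils;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.stereotype.Component;

// Added example. Auth, AuthService and UnauthorizedException are the article's
// types; the class name and the pointcut expression are assumptions.
@Component
@Aspect
public class DenyByDefaultAuthAspect {

    private final AuthService authService;

    public DenyByDefaultAuthAspect(AuthService authService) {
        this.authService = authService;
    }

    // Assumed convention: controllers live under com.example and their
    // class names end in "Controller".
    @Before("execution(public * com.example..*Controller.*(..))")
    public void requirePermission(JoinPoint joinPoint) {
        Method declared = ((MethodSignature) joinPoint.getSignature()).getMethod();

        // Behind a JDK dynamic proxy the signature can name the interface
        // method; resolve the implementation so its annotations are visible.
        Class<?> targetClass = AopUtils.getTargetClass(joinPoint.getTarget());
        Method method = AopUtils.getMostSpecificMethod(declared, targetClass);

        // "find" semantics also see @Auth on overridden or interface methods.
        Auth auth = AnnotatedElementUtils.findMergedAnnotation(method, Auth.class);
        if (auth == null) {
            // No declared permission: refuse instead of letting the call through.
            throw new UnauthorizedException("Unauthorized access");
        }
        if (!authService.checkPermission(auth.value())) {
            throw new UnauthorizedException("Unauthorized access");
        }
    }
}
```

With this aspect, endpoints that are meant to be public have to be kept out of the pointcut explicitly, which makes the unauthenticated surface visible in one place.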