本文介绍了一种通过自定义注解实现权限控制的方法。利用Spring框架提供的ApplicationListener监听机制,在项目启动时自动扫描所有带有自定义@AuthAnnotation注解的方法,并收集其权限声明。此方法适用于需要进行细粒度权限控制的应用场景。
这里主要是扫描自定义注解
public class AnnotationScan implements ApplicationListener<ContextRefreshedEvent>{
@Autowired
RedisTemplate redisTemplate;
private final static Logger logger = LoggerFactory.getLogger(AnnotationScan.class);
/**
* 初始化方法
* @param event
*/
@Override
public void onApplicationEvent(ContextRefreshedEvent event) {
HashSet<String> set = new HashSet<>();//权限点集合
if(event.getApplicationContext().getParent() == null)
{
Map<String, Object> beans = event.getApplicationContext().getBeansWithAnnotation(RestController.class);//获取全部ControllerBean
Set<Map.Entry<String, Object>> entries = beans.entrySet();//遍历Bean
Iterator<Map.Entry<String, Object>> iterator = entries.iterator();
while(iterator.hasNext()){
Map.Entry<String, Object> map = iterator.next();
Class<?> aClass = map.getValue().getClass();
Method[] methods = aClass.getMethods();
for (Method method: methods
) {
AuthAnnotation annotation = method.getAnnotation(AuthAnnotation.class);
if(annotation==null){//有无权限注解
logger.warn("未作权限限制");
}else{
String[] authorities = annotation.authorities();
for (String authority: authorities
) {
set.add(authority);//遍历权限点,放入集合中
}
}
}
}
}
}
配置类
@Bean
public AnnotationScan annotationScan(){return new AnnotationScan();}
原博客地址:https://blog.youkuaiyun.com/github_39525088/article/details/75304357
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
