SpringBoot使用AOP+注解实现简单的权限验证的方法

<!--AOP包--><dependency>  <groupId>org.springframework.boot</groupId>  <artifactId>spring-boot-starter-aop</artifactId></dependency>

@Target(ElementType.METHOD)@Retention(RetentionPolicy.RUNTIME)@Documentedpublic @interface Permission {   String authorities() default "ADMIN";}

public class AnnotationParse {  /***   * 解析权限注解   * @return 返回注解的authorities值   * @throws Exception   */  public static String privilegeParse(Method method) throws Exception {    //获取该方法    if(method.isAnnotationPresent(Permission.class)){      Permission annotation = method.getAnnotation(Permission.class);      return annotation.authorities();    }    return null;  }}

@Aspect@Componentpublic class ControllerAspect {  private final static Logger logger = LoggerFactory.getLogger(ControllerAspect.class);  @Autowired  private UserService userService;  /**   * 定义切点   */  @Pointcut("execution(public * com.wqh.blog.controller.*.*(..))")  public void privilege(){}  /**   * 权限环绕通知   * @param joinPoint   * @throws Throwable   */  @ResponseBody  @Around("privilege()")  public Object isAccessMethod(ProceedingJoinPoint joinPoint) throws Throwable {    //获取访问目标方法    MethodSignature methodSignature = (MethodSignature)joinPoint.getSignature();    Method targetMethod = methodSignature.getMethod();    //得到方法的访问权限    final String methodAccess = AnnotationParse.privilegeParse(targetMethod);    //如果该方法上没有权限注解，直接调用目标方法    if(StringUtils.isBlank(methodAccess)){      return joinPoint.proceed();    }else {      //获取当前用户的权限,这里是自定义的发那个发      User currentUser = userService.getCurrentUser();      logger.info("访问用户，{}",currentUser.toString());      if(currentUser == null){        throw new LoginException(ResultEnum.LOGIN_ERROR);      }      if(methodAccess.equals(currentUser.getRole().toString())){        return joinPoint.proceed();      }else {        throw new BusinessException(ResultEnum.ROLE_ERROR);      }    }  }}