参考代码:lamp
1:定义注解PreAuth
2:定义aspect,通过切片找到controller类上的@PreAuth和方法上的@PreAuth
3: controller类上的@PreAuth:通常是将要替代方法中{}的
@PreAuth(replace = "vily:user:")
public class VilyPreAuthTestController {
}4: 方法上@PreAuth: 将通过反射指向具体操作
@PreAuth("hasAnyPermission('{}update,vue')")
public R updateTest(){
return R.success();
}5: 当aspect 切片到方法上注解时,将会得到最终的condition:
hasAnyPermission('vily:user:update,vue')6: 反射:
@Nullable
private Boolean invokePermit(ProceedingJoinPoint point, Method method, String condition) {
StandardEvaluationContext context = new StandardEvaluationContext(verifyAuthFunction);
Expression expression = SP_EL_PARSER.parseExpression(condition);
// 方法参数值
Object[] args = point.getArgs();
context.setBeanResolver(new BeanFactoryResolver(ac));
for (int i = 0; i < args.length; i++) {
MethodParameter mp = new SynthesizingMethodParameter(method, i);
mp.initParameterNameDiscovery(PARAMETER_NAME_DISCOVERER);
context.setVariable(mp.getParameterName(), args[i]);
}
return expression.getValue(context, Boolean.class);
}7: 反射会执行:verifyAuthFunction的hasAnyPermission方法
public boolean hasAnyPermission(String... permit) {
// 查询当前用户拥有的所有资源
Set<String> resources = getAllResources();
// 判断是否包含所需的角色
return AuthorizingRealm.hasAnyPermission(resources, permit, securityProperties.getCaseSensitive());
}8:遍历permit
if (permit != null && permit.length > 0) {
Arrays.stream(permit).forEach(System.out::println);
}9:得到2个注解的资源:'vily:user:update,vue'
