如何在 Spring 中使用注释来应用切面?
更新:我发现 Spring 2.x 基于注释的控制器对于 AOP 安全性来说非常糟糕,因为由于参数和返回值自由度的增加,您无法对方法原型做出假设。 在 2.x 之前,您可以拦截 handleRequest 并知道第一个参数是 HttpServletRequest 并且返回值是 ModelAndView。 该标准允许您为每个控制器编写简单的建议。 现在,映射到请求的方法可以接受任何内容并返回字符串、ModelAndViews 等。
原始帖子:我有一组现有的方面,它们实现了在 Spring 中运行的 AOPAlliance 的 MethodInterceptor。 它们通过拦截控制器中的 .handleRequest. 方法并允许执行或转发到登录页面来为我的 Web 应用程序提供安全性。
使用 Spring 中新的基于注释的控制器,不再需要实现“handleRequest”方法; 控制器的方法可以命名为我想要的任何名称。 这打破了我现有的安全模型。 那么,我如何从此:
<bean class="com.xxx.aspects.security.LoginAdvice" name="loginAdvice">
<property name="loginPath">
<value>/login.htm</value>
</property>
<property name="authenticationService" ref="authenticationService" />
</bean>
<bean name="loginAdvisor" class="org.springframework.aop.support.DefaultPointcutAdvisor">
<property name="advice" ref="loginAdvice" />
<property name="pointcut">
<bean class="org.springframework.aop.support.JdkRegexpMethodPointcut">
<property name="pattern">
<value>.*handleRequest.*</value>
</property>
</bean>
</property>
</bean>
<bean id="someProtectedController" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="target">
<ref local="someProtectedControllerTarget" />
</property>
<property name="interceptorNames">
<list>
<value>loginAdvisor</value>
<value>adminAdvisor</value>
</list>
</property>
</bean>
......能够重用我现有的方面并使用注释将它们应用到整个控制器或控制器方法?
Update: I've found the Spring 2.x annotation-based Controllers are horrible for AOP security because you can't make assumptions about the method prototype due to the increased freedom in params and return values. Before 2.x you could intercept handleRequest and know the first param was an HttpServletRequest and the return value was a ModelAndView. This standard allowed you to write simple advices for every controller. Now methods mapped to requests can take anything and return Strings, ModelAndViews, etc.
Original Post: I have a set of existing aspects which implement AOPAlliance's MethodInterceptor running in Spring. They provide security for my webapp by intercepting .handleRequest. methods in the Controllers and either allowing execution or forwarding to a login page.
With the new annotation-based controllers in Spring, the "handleRequest" method no longer needs to be implemented; the methods of the controller can be named whatever I want. This breaks my existing security model. So, how do I get from this:
<bean class="com.xxx.aspects.security.LoginAdvice" name="loginAdvice">
<property name="loginPath">
<value>/login.htm</value>
</property>
<property name="authenticationService" ref="authenticationService" />
</bean>
<bean name="loginAdvisor" class="org.springframework.aop.support.DefaultPointcutAdvisor">
<property name="advice" ref="loginAdvice" />
<property name="pointcut">
<bean class="org.springframework.aop.support.JdkRegexpMethodPointcut">
<property name="pattern">
<value>.*handleRequest.*</value>
</property>
</bean>
</property>
</bean>
<bean id="someProtectedController" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="target">
<ref local="someProtectedControllerTarget" />
</property>
<property name="interceptorNames">
<list>
<value>loginAdvisor</value>
<value>adminAdvisor</value>
</list>
</property>
</bean>
...to being able to reuse my existing aspects and apply them to entire controllers or controller methods using annotations?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以使用 AnnotationMatchingPointcut 来查找控制器上具有 @RequestMapping 的方法(或在基于注释的 Spring 控制器中使用的其他类似注释)?
Could you use an AnnotationMatchingPointcut to look for methods on your controllers which have the @RequestMapping (or other similiar annotations that you use in your annotation-based Spring controllers)?