问题描述
我想以声明的方式向servlet方法添加权限,例如:
// servlet
@Perms("admin","finance")
public void doPost(servletRequest req,servletResponse res) {
...
}
// web filter
public void doFilter(ServletRequest req,ServletResponse res,FilterChain chain) {
List<String> allowedRoles = ... // somehow get values from @Perms
}
也许还有其他方法可以不带注释,但这只是我想要做什么的一个例子。
或更抽象的例子:
@WebServlet("/someaddress")
// servlet
@What("have a nice day")
public void doPost(servletRequest req,servletResponse res) {
...
}
@WebFilter("/*")
// web filter
public void doFilter(ServletRequest req,FilterChain chain) {
String msg = ... // somehow get values from @What
}
解决方法
这是解决方法
- 声明注释
@Retention(RetentionPolicy.RUNTIME)
public @interface What {
String[] value();
}
- 在servlet中覆盖
init
方法(我认为声明另一个类,所有的servlet将被该init
继承是有用的)
@Override
public void init() throws ServletException {
ServletContext ctx = this.getServletContext();
final Class[] sFormalArgs = {HttpServletRequest.class,HttpServletResponse.class};
try {
Method m = this.getClass().getDeclaredMethod("doGet",sFormalArgs); // do the same with other methods
What a = m.getAnnotation(What.class);
String[] value = a.value();
ctx.setAttribute("someStuff",value);
} catch (NoSuchMethodException e) {
e.printStackTrace();
}
}
- 向方法添加注释
@What({"admin","finance"})
@Override
protected void doGet(HttpServletRequest req,HttpServletResponse resp)
{
....
}
- 通过网络过滤器获取它
@Override
public void doFilter(ServletRequest servletRequest,ServletResponse servletResponse,FilterChain filterChain
) {
HttpServletRequest req = (HttpServletRequest) servletRequest;
ServletContext ctx = req.getServletContext();
Object o = ctx.getAttribute("someStuff");
}
别忘了处理错误和多方面的问题