一、绪论
在不使用过滤器和拦截器的前提下,如何统一对 Java 的方法进行管理?比如对某一类方法或类做日志监控、前后逻辑处理,这时就可以使用切面(AOP)。它的本质仍然是一种拦截:通过动态代理在目标方法前后织入逻辑,并用注解或切点表达式来标识所切的方法。需要注意的是,Spring AOP 只能拦截经由代理对象发起的 Bean 方法调用;同一对象内部的 this 调用以及非 Spring 管理的对象不会被切面拦截,安全校验类的切面尤其要留意这一点。
二、Java 中切面的使用实例(以安全切面 SecurityAspect 为例)
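/**
 * Cross-cutting security checks for controller calls.
 *
 * <p>Two pieces of advice live here:
 * <ul>
 *   <li>{@link #doAroundHtml} — for every controller method whose request URI matches one of the
 *       {@code xss.url} patterns, serialises each argument to JSON and rejects the request with
 *       {@code ResponseCode.XSS_CODE_ERROR} when {@code XssUtils.isStripXSS} flags a top-level
 *       field value.</li>
 *   <li>{@link #doAround} — for methods annotated with {@code @CtgDecrypt} or {@code @CtgEncrypt},
 *       marks the returned {@code ResponseData} with {@code setEncrypt(true)}. No cipher is applied
 *       in this class; presumably a response handler elsewhere honours the flag (not visible here).</li>
 * </ul>
 *
 * <p>Review notes:
 * <ul>
 *   <li>The URI list is an <em>inclusion</em> list: requests whose URI matches no pattern are not
 *       inspected at all (default-allow). When the property is absent the default {@code -1}
 *       matches nothing, so the XSS check is silently disabled instead of failing at startup.</li>
 *   <li>{@code isStripXSS} is a pattern-based detector. Treat it as defence in depth; it does not
 *       replace output encoding in the view layer.</li>
 *   <li>{@code AES_KEY} / {@code JWT_KEY} default to {@code -1} and are unused in this class. If
 *       another component reads them, a missing property turns into a trivially guessable key;
 *       consider removing the defaults so a misconfiguration fails at startup.</li>
 * </ul>
 */
@Aspect
@Component
public class SecurityAspect {
    /** Separator between patterns in the {@code xss.url} property (regex for a literal '|'). */
    private static final String URL_PATTERN_SEPARATOR = "\\|";

    // NOTE(review): the "-1" defaults hide a missing key; see class javadoc.
    @Value("${keys.aeskey:-1}")
    private String AES_KEY;
    @Value("${keys.jwtkey:-1}")
    private String JWT_KEY;

    /** '|'-separated Ant-style URI patterns whose requests are XSS-scanned. */
    @Value("${xss.url:-1}")
    private String xssUrlPatterns;

    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    /** Methods annotated with {@code @CtgDecrypt} or {@code @CtgEncrypt}. */
    @Pointcut("@annotation(cn.xxx.common.util.security.CtgDecrypt) || @annotation(cn.xxx.common.util.security.CtgEncrypt)")
    public void pointCut() { }

    /**
     * Rejects controller calls whose arguments contain an XSS payload.
     *
     * <p>Only classes directly under a {@code cn.xxx.<module>.controller} package are matched:
     * AspectJ's {@code *} spans a single package segment, so deeper sub-packages are not covered.
     *
     * @param joinPoint the intercepted controller invocation
     * @return {@code ResponseData.error(ResponseCode.XSS_CODE_ERROR)} when a payload is detected,
     *         otherwise whatever the controller returns
     * @throws Throwable anything thrown by the controller itself
     */
    @Around("execution(* cn.xxx.*.controller.*.*(..))")
    public Object doAroundHtml(ProceedingJoinPoint joinPoint) throws Throwable {
        Object[] args = joinPoint.getArgs();
        HttpServletRequest request = UserTokenUtils.getHttpServletRequest();
        // Outside a request context, or with no patterns configured, there is nothing to match.
        if (request == null || xssUrlPatterns == null || xssUrlPatterns.isEmpty()) {
            return joinPoint.proceed(args);
        }
        // String.split never returns null, so the array itself needs no null check.
        List<String> patterns = Arrays.asList(xssUrlPatterns.split(URL_PATTERN_SEPARATOR));
        if (pathMatcher(patterns, request.getRequestURI())) {
            for (Object arg : args) {
                if (containsXss(arg)) {
                    return ResponseData.error(ResponseCode.XSS_CODE_ERROR);
                }
            }
        }
        return joinPoint.proceed(args);
    }

    /**
     * Serialises {@code arg} to a JSON object and runs {@code XssUtils.isStripXSS} over each
     * top-level value. Null arguments and null field values are skipped (the previous version
     * dereferenced them and threw {@code NullPointerException}). Nested values are only seen through
     * their {@code toString()} form — presumably JSON text with this JSON library; verify.
     *
     * <p>NOTE(review): arguments that do not serialise to a JSON object (plain strings, servlet
     * types) may make {@code JSONUtil.parseObj} throw; that fails closed. If you add a guard, do not
     * let a parse failure silently pass the request through.
     *
     * @param arg one controller argument, may be null
     * @return {@code true} when any top-level value is flagged as XSS
     */
    private boolean containsXss(Object arg) {
        if (arg == null) {
            return false;
        }
        Map<String, Object> fields = JSONUtil.parseObj(JSONObject.toJSONString(arg));
        for (Map.Entry<String, Object> entry : fields.entrySet()) {
            Object value = entry.getValue();
            if (value != null && XssUtils.isStripXSS(value.toString())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Flags the result of a {@code @CtgEncrypt}/{@code @CtgDecrypt} method for encryption.
     *
     * <p>The method runs first; its {@code ResponseData} result is then marked with
     * {@code setEncrypt(true)}. The previous version also serialised the payload into a local that
     * was never read; that dead work is removed.
     *
     * @param joinPoint the intercepted invocation
     * @return the flagged result of the invocation
     * @throws IllegalStateException if the annotated method did not return a {@code ResponseData}
     *         (including a null result); failing loudly is deliberate so a response that should be
     *         encrypted is never sent out unflagged
     * @throws Throwable anything thrown by the invoked method
     */
    @Around("pointCut()")
    public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
        Object result = joinPoint.proceed();
        if (!(result instanceof ResponseData)) {
            throw new IllegalStateException(
                    "Encrypt/decrypt-annotated method must return ResponseData: " + joinPoint.getSignature());
        }
        // TODO: choose the cipher from the annotation (@CtgEncrypt vs @CtgDecrypt) instead of one flag.
        ((ResponseData<?>) result).setEncrypt(true);
        return result;
    }

    /**
     * Returns {@code true} when {@code requestUri} matches any Ant-style pattern in {@code urlList}.
     * This is the list of URIs that ARE scanned, not an exemption list.
     *
     * @param urlList    Ant-style patterns
     * @param requestUri the request URI to test
     */
    private boolean pathMatcher(List<String> urlList, String requestUri) {
        for (String pattern : urlList) {
            if (antPathMatcher.match(pattern, requestUri)) {
                return true;
            }
        }
        return false;
    }
}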
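/**
 * Cross-cutting security checks for controller calls.
 *
 * <p>Two pieces of advice live here:
 * <ul>
 *   <li>{@link #doAroundHtml} — for every controller method whose request URI matches one of the
 *       {@code xss.url} patterns, serialises each argument to JSON and rejects the request with
 *       {@code ResponseCode.XSS_CODE_ERROR} when {@code XssUtils.isStripXSS} flags a top-level
 *       field value.</li>
 *   <li>{@link #doAround} — for methods annotated with {@code @CtgDecrypt} or {@code @CtgEncrypt},
 *       marks the returned {@code ResponseData} with {@code setEncrypt(true)}. No cipher is applied
 *       in this class; presumably a response handler elsewhere honours the flag (not visible here).</li>
 * </ul>
 *
 * <p>Review notes:
 * <ul>
 *   <li>The URI list is an <em>inclusion</em> list: requests whose URI matches no pattern are not
 *       inspected at all (default-allow). When the property is absent the default {@code -1}
 *       matches nothing, so the XSS check is silently disabled instead of failing at startup.</li>
 *   <li>{@code isStripXSS} is a pattern-based detector. Treat it as defence in depth; it does not
 *       replace output encoding in the view layer.</li>
 *   <li>{@code AES_KEY} / {@code JWT_KEY} default to {@code -1} and are unused in this class. If
 *       another component reads them, a missing property turns into a trivially guessable key;
 *       consider removing the defaults so a misconfiguration fails at startup.</li>
 * </ul>
 */
@Aspect
@Component
public class SecurityAspect {
    /** Separator between patterns in the {@code xss.url} property (regex for a literal '|'). */
    private static final String URL_PATTERN_SEPARATOR = "\\|";

    // NOTE(review): the "-1" defaults hide a missing key; see class javadoc.
    @Value("${keys.aeskey:-1}")
    private String AES_KEY;
    @Value("${keys.jwtkey:-1}")
    private String JWT_KEY;

    /** '|'-separated Ant-style URI patterns whose requests are XSS-scanned. */
    @Value("${xss.url:-1}")
    private String xssUrlPatterns;

    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    /**
     * Methods annotated with {@code @CtgDecrypt} or {@code @CtgEncrypt}.
     *
     * <p>NOTE(review): the two annotation names use different package prefixes ({@code cn.xxx} vs
     * {@code cn.ctg}). Confirm which is the real package — a wrong name either fails at startup or
     * silently matches nothing, so the encrypt flag would never be set.
     */
    @Pointcut("@annotation(cn.xxx.common.util.security.CtgDecrypt) || @annotation(cn.ctg.common.util.security.CtgEncrypt)")
    public void pointCut() { }

    /**
     * Rejects controller calls whose arguments contain an XSS payload.
     *
     * <p>Only classes directly under a {@code cn.xxx.<module>.controller} package are matched:
     * AspectJ's {@code *} spans a single package segment, so deeper sub-packages are not covered.
     *
     * @param joinPoint the intercepted controller invocation
     * @return {@code ResponseData.error(ResponseCode.XSS_CODE_ERROR)} when a payload is detected,
     *         otherwise whatever the controller returns
     * @throws Throwable anything thrown by the controller itself
     */
    @Around("execution(* cn.xxx.*.controller.*.*(..))")
    public Object doAroundHtml(ProceedingJoinPoint joinPoint) throws Throwable {
        Object[] args = joinPoint.getArgs();
        HttpServletRequest request = UserTokenUtils.getHttpServletRequest();
        // Outside a request context, or with no patterns configured, there is nothing to match.
        if (request == null || xssUrlPatterns == null || xssUrlPatterns.isEmpty()) {
            return joinPoint.proceed(args);
        }
        // String.split never returns null, so the array itself needs no null check.
        List<String> patterns = Arrays.asList(xssUrlPatterns.split(URL_PATTERN_SEPARATOR));
        if (pathMatcher(patterns, request.getRequestURI())) {
            for (Object arg : args) {
                if (containsXss(arg)) {
                    return ResponseData.error(ResponseCode.XSS_CODE_ERROR);
                }
            }
        }
        return joinPoint.proceed(args);
    }

    /**
     * Serialises {@code arg} to a JSON object and runs {@code XssUtils.isStripXSS} over each
     * top-level value. Null arguments and null field values are skipped (the previous version
     * dereferenced them and threw {@code NullPointerException}). Nested values are only seen through
     * their {@code toString()} form — presumably JSON text with this JSON library; verify.
     *
     * <p>NOTE(review): arguments that do not serialise to a JSON object (plain strings, servlet
     * types) may make {@code JSONUtil.parseObj} throw; that fails closed. If you add a guard, do not
     * let a parse failure silently pass the request through.
     *
     * @param arg one controller argument, may be null
     * @return {@code true} when any top-level value is flagged as XSS
     */
    private boolean containsXss(Object arg) {
        if (arg == null) {
            return false;
        }
        Map<String, Object> fields = JSONUtil.parseObj(JSONObject.toJSONString(arg));
        for (Map.Entry<String, Object> entry : fields.entrySet()) {
            Object value = entry.getValue();
            if (value != null && XssUtils.isStripXSS(value.toString())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Flags the result of a {@code @CtgEncrypt}/{@code @CtgDecrypt} method for encryption.
     *
     * <p>The method runs first; its {@code ResponseData} result is then marked with
     * {@code setEncrypt(true)}. The previous version also serialised the payload into a local that
     * was never read; that dead work is removed.
     *
     * @param joinPoint the intercepted invocation
     * @return the flagged result of the invocation
     * @throws IllegalStateException if the annotated method did not return a {@code ResponseData}
     *         (including a null result); failing loudly is deliberate so a response that should be
     *         encrypted is never sent out unflagged
     * @throws Throwable anything thrown by the invoked method
     */
    @Around("pointCut()")
    public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
        Object result = joinPoint.proceed();
        if (!(result instanceof ResponseData)) {
            throw new IllegalStateException(
                    "Encrypt/decrypt-annotated method must return ResponseData: " + joinPoint.getSignature());
        }
        // TODO: choose the cipher from the annotation (@CtgEncrypt vs @CtgDecrypt) instead of one flag.
        ((ResponseData<?>) result).setEncrypt(true);
        return result;
    }

    /**
     * Returns {@code true} when {@code requestUri} matches any Ant-style pattern in {@code urlList}.
     * This is the list of URIs that ARE scanned, not an exemption list.
     *
     * @param urlList    Ant-style patterns
     * @param requestUri the request URI to test
     */
    private boolean pathMatcher(List<String> urlList, String requestUri) {
        for (String pattern : urlList) {
            if (antPathMatcher.match(pattern, requestUri)) {
                return true;
            }
        }
        return false;
    }
}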