Spring MVC + Before Advice check security_问答_开发者

Spring MVC + Before Advice check security

开发者 https://www.devze.com 2023-02-08 12:31 出处：网络

I\'m testing Spring AOP framework and have the following question. I have the following code: package danny.test.controllers;

I'm testing Spring AOP framework and have the following question.

I have the following code:

package danny.test.controllers;

@Controller
public class MyController{

@Autowired
private DaoService service;

@RequestMapping(value="/save",method = RequestMethod.POST)
      public String addUser(@Valid MyClass myClass, BindingResult result){

service.save(myClass);

return "Ok";
}

I would like to create before Advice aspect to check user security in user session.

@Aspect
public class Profiler {

    @Pointcut("execution(* danny.test.services.DaoServices.*.*(..))")
    public void methods(){}

    @Before("methods()")
    public void checkSecurity() throws Throwable{
        //check session if user is authenticated....
    }

}

What I don't know what to do is to ca开发者_Go百科ncel execution of DaoServices.save method if the user is not authenticated and cause controller to return any other value instead of "ok".

Can i do it? Can someone point me to such example? Can I use @Around advice for such actions?

Yes, I think you should use the @Around advice and just not call the ProceedingJoinPoint.proceed() method if the authentication fails.

UPDATE:

To return something else your method should look something like this:

@Before("methods()")
public Object checkSecurity(ProceedingJoinPoint pjp) throws Throwable{
    if (/*user is authenticated*/) {
        return pjp.proceed();
    } else {
        return "NOT OK";
    }
}

Please notice that the method returns an object. See also this part of the Spring documentation.