How to use Spring AOP to implement interface authentication in SpringBoot
Aspect-oriented programming
Aspect-oriented programming can extract logic that has nothing to do with the business but needs to be called jointly by various business modules, and cut it into the code in the form of aspects, thereby reducing the coupling of the code in the system. degree, reducing duplicate code.
Spring AOP implements aspect-oriented programming through pre-compilation and dynamic proxies during runtime
The underlying principle of AOP is implemented
The underlying use of AOP is dynamic The proxy completes the requirements and generates proxy classes for classes that need to be enhanced. There are two ways to generate proxy classes. For the proxy class (that is, the class that needs to be enhanced), If:
If the interface is implemented and JDK dynamic proxy is used, the generated proxy class will use its interface. If the interface is not implemented,
If CGlib dynamic proxy is used, the generated proxy class will be Integrated proxied class
AOP related terms
Connection point:In the proxied (enhanced) class Method
Entry point:Method that actually needs to be enhanced
Notification: Logic code to be enhanced
Pre-notification: Executed before the execution of the main function
Post notification: Executed after the execution of the theme function
Surround notification: Executed before and after the execution of the main function
-
Exception notification: Executed when an exception occurs in the execution of the theme function
Final notification:The main function will be executed regardless of whether the execution is successful
Aspect: The combination of entry point and aspect, that is, the enhanced method and enhanced function form the aspect
Related comments and pointcut expressions
Annotations:
@Aspect: Declare that a certain class is an aspect , write notifications and entry points
@Before: Corresponding pre-notification
@AfterReturning: Corresponding to post notification
@Around: Corresponding to surrounding notification
@AfterThrowing: Corresponding exception notification
@After: Corresponding to final notification
@Pointcut: Statement Pointcuts, marking them on a method can make the expression more concise
Use pointcut expressions to declare pointcuts
execution([Permission modifier][Return type][Full class path].[Method name][Parameter list type])
execution(* com.xxx.ABC. add()), enhance the method of ABC class
Implement interface authentication
1. Configure yml file
Configure interface authentication account
account:
infos:
- account: xinchao
secret: admin2. Read the account and password configuration
@Data
public class SecretInfo {
private String account;
private String secret;
}3. Write the interface authentication method
@Configuration
@ConfigurationProperties("account")
public class SecretConfig {
private List<SecretInfo> infos;
private Map<String, SecretInfo> map;
private Map<String, TokenInfo> tokenMap = new HashMap<>();
public void setInfos(List<SecretInfo> infos) {
this.infos = infos;
map = infos.stream().collect(Collectors.toMap(SecretInfo::getAccount, Function.identity()));
}
public synchronized String getToken(String account, String secret) {
SecretInfo info = map.get(account);
if (info == null) {
throw new BusinessException("无效账号");
}
if (!StringUtils.equals(info.getSecret(), secret)) {
throw new BusinessException("无效密码");
}
TokenInfo tokenInfo = tokenMap.get(account);
if (tokenInfo != null && tokenInfo.getToken() != null) {
return tokenInfo.getToken();
}
tokenInfo = new TokenInfo();
String uuid = UUID.randomUUID().toString();
tokenInfo.setToken(uuid);
tokenInfo.setCreateDate(LocalDateTime.now());
tokenInfo.setExpireDate(LocalDateTime.now().plusHours(2));
tokenMap.put(account,tokenInfo);
return tokenInfo.getToken();
}
public boolean checkCaptcha(String captcha) {
return tokenMap.values().stream().anyMatch(e->StringUtils.equals(e.getToken(),captcha));
}
}@Data
public class TokenInfo {
private LocalDateTime createDate;
private LocalDateTime expireDate;
private String token;
public String getToken() {
if (LocalDateTime.now().isBefore(expireDate)) {
return token;
}
return null;
}
public boolean verification(String token) {
return Objects.equals(this.token, token);
}
}4. Write the AOP
First , write an annotation to indicate that authentication is not required
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface CaptchaIgnoreAop {
}@Slf4j
@Aspect
@Component
@Order(2)
public class CaptchaAop {
@Value("${spring.profiles.active:dev}")
private String env;
@Autowired
private SecretConfig config;
@Pointcut("execution(public * com.herenit.phsswitch.controller.impl..*.*(..))" +
"&&@annotation(org.springframework.web.bind.annotation.PostMapping)" +
"&&!@annotation(com.herenit.phsswitch.aop.CaptchaIgnoreAop)")
public void tokenAop() {
}
@Around("tokenAop()")
public Object doBefore(ProceedingJoinPoint joinPoint) throws Throwable {
Object[] args = joinPoint.getArgs();
if (args.length == 0 || !(args[0] instanceof RequestWrapper)
|| "test,dev".contains(env)) {
log.info("当前环境无需校验token");
return joinPoint.proceed();
}
String captcha = ((RequestWrapper) joinPoint.getArgs()[0]).getCaptcha();
if (!config.checkCaptcha(captcha)) {
throw new BusinessException("captcha无效");
}
return joinPoint.proceed();
}
}5. Write an interface test
@PostMapping("/login")
@CaptchaIgnoreAop
public ResponseWrapper login(@RequestBody JSONObject userInfo) {
String token = config.getToken(userInfo.getString("loginName")
, userInfo.getString("password"));
JSONObject result = new JSONObject();
result.put("platformAccessToken", token);
return ResponseWrapper.success(result);
}Use this interface to create a token in memory and return it to the front end . Later, we can pass in this token for authentication when adjusting other interfaces. The location passed in is the captcha field
public class RequestWrapper<T> implements Serializable {
private static final long serialVersionUID = 8988706670118918321L;
public RequestWrapper() {
super();
}
private T args;
private String captcha;
private String funcode;
public T getArgs() {
return args;
}
public void setArgs(T args) {
this.args = args;
}
public String getCaptcha() {
return captcha;
}
public void setCaptcha(String captcha) {
this.captcha = captcha;
}
public String getFuncode() {
return funcode;
}
public void setFuncode(String funcode) {
this.funcode = funcode;
}
}The above is the detailed content of How to use Spring AOP to implement interface authentication in SpringBoot. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
A new programming paradigm, when Spring Boot meets OpenAI
Feb 01, 2024 pm 09:18 PM
In 2023, AI technology has become a hot topic and has a huge impact on various industries, especially in the programming field. People are increasingly aware of the importance of AI technology, and the Spring community is no exception. With the continuous advancement of GenAI (General Artificial Intelligence) technology, it has become crucial and urgent to simplify the creation of applications with AI functions. Against this background, "SpringAI" emerged, aiming to simplify the process of developing AI functional applications, making it simple and intuitive and avoiding unnecessary complexity. Through "SpringAI", developers can more easily build applications with AI functions, making them easier to use and operate.
Use Spring Boot and Spring AI to build generative artificial intelligence applications
Apr 28, 2024 am 11:46 AM
As an industry leader, Spring+AI provides leading solutions for various industries through its powerful, flexible API and advanced functions. In this topic, we will delve into the application examples of Spring+AI in various fields. Each case will show how Spring+AI meets specific needs, achieves goals, and extends these LESSONSLEARNED to a wider range of applications. I hope this topic can inspire you to understand and utilize the infinite possibilities of Spring+AI more deeply. The Spring framework has a history of more than 20 years in the field of software development, and it has been 10 years since the Spring Boot 1.0 version was released. Now, no one can dispute that Spring
What are the implementation methods of spring programmatic transactions?
Jan 08, 2024 am 10:23 AM
How to implement spring programmatic transactions: 1. Use TransactionTemplate; 2. Use TransactionCallback and TransactionCallbackWithoutResult; 3. Use Transactional annotations; 4. Use TransactionTemplate in combination with @Transactional; 5. Customize the transaction manager.
Comparison and difference analysis between SpringBoot and SpringMVC
Dec 29, 2023 am 11:02 AM
SpringBoot and SpringMVC are both commonly used frameworks in Java development, but there are some obvious differences between them. This article will explore the features and uses of these two frameworks and compare their differences. First, let's learn about SpringBoot. SpringBoot was developed by the Pivotal team to simplify the creation and deployment of applications based on the Spring framework. It provides a fast, lightweight way to build stand-alone, executable
SpringBoot+Dubbo+Nacos development practical tutorial
Aug 15, 2023 pm 04:49 PM
This article will write a detailed example to talk about the actual development of dubbo+nacos+Spring Boot. This article will not cover too much theoretical knowledge, but will write the simplest example to illustrate how dubbo can be integrated with nacos to quickly build a development environment.
How to set transaction isolation level in Spring
Jan 26, 2024 pm 05:38 PM
How to set the transaction isolation level in Spring: 1. Use the @Transactional annotation; 2. Set it in the Spring configuration file; 3. Use PlatformTransactionManager; 4. Set it in the Java configuration class. Detailed introduction: 1. Use the @Transactional annotation, add the @Transactional annotation to the class or method that requires transaction management, and set the isolation level in the attribute; 2. In the Spring configuration file, etc.
Spring Annotation Revealed: Analysis of Common Annotations
Dec 30, 2023 am 11:28 AM
Spring is an open source framework that provides many annotations to simplify and enhance Java development. This article will explain commonly used Spring annotations in detail and provide specific code examples. @Autowired: Autowired @Autowired annotation can be used to automatically wire beans in the Spring container. When we use the @Autowired annotation where dependencies are required, Spring will find matching beans in the container and automatically inject them. The sample code is as follows: @Auto
Detailed explanation of Bean acquisition methods in Spring
Dec 30, 2023 am 08:49 AM
Detailed explanation of the Bean acquisition method in Spring In the Spring framework, Bean acquisition is a very important part. In applications, we often need to use dependency injection or dynamically obtain instances of beans. This article will introduce in detail how to obtain beans in Spring and give specific code examples. Obtaining the Bean@Component annotation through the @Component annotation is one of the commonly used annotations in the Spring framework. We can do this by adding @Compone on the class
