I'm testing Spring AOP framework and have the following question.
I have the following code:
package danny.test.controllers;
@Controller
public class MyController{
@Autowired
private DaoService service;
@RequestMapping(value="/save",method = RequestMethod.POST)
public String addUser(@Valid MyClass myClass, BindingResult result){
service.save(myClass);
return "Ok";
}
I would like to create before Advice aspect to check user security in user session.
@Aspect
public class Profiler {
@Pointcut("execution(* danny.test.services.DaoServices.*.*(..))")
public void methods(){}
@Before("methods()")
public void checkSecurity() throws Throwable{
//check session if user is authenticated....
}
}
What I don't know what to do is to cancel execution of DaoServices.save method if the user is not authenticated and cause controller to return any other value instead of "ok".
Can i do it? Can someone point me to such example? Can I use @Around advice for such actions?
Yes, I think you should use the @Around advice and just not call the ProceedingJoinPoint.proceed() method if the authentication fails.
UPDATE:
To return something else your method should look something like this:
@Before("methods()")
public Object checkSecurity(ProceedingJoinPoint pjp) throws Throwable{
if (/*user is authenticated*/) {
return pjp.proceed();
} else {
return "NOT OK";
}
}
Please notice that the method returns an object. See also this part of the Spring documentation.
来源:https://stackoverflow.com/questions/4907072/spring-mvc-before-advice-check-security