How can you make specific methods in Java require admin rights?
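I am creating a password utility that both my client and the users have access to, but I want specific methods to be runnable only by the admin (my client) and not by the users.
What are some options for doing this?
Below is an example for different levels of user access. I am mimicking the way Java and other vendors handle logging levels.
By using reflection, I can check whether the requesting user has or lacks the appropriate user level to see the method.
This is a simple way to filter out, at runtime, who can or cannot access a method.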
UserType
package auth;

public enum UserType {
    // Lower numeric level = more privilege (the inverse of a logging threshold).
    ADMIN(Integer.MIN_VALUE),
    SYSTEM(10000),
    GENERAL(20000),
    NONE(Integer.MAX_VALUE);

    private final int level;

    public int getLevel() {
        return level;
    }

    private UserType(int level) {
        this.level = level;
    }
}
UserLevel
package auth;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

// RUNTIME retention is required so the annotation is visible to reflection.
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface UserLevel {
    UserType type() default UserType.GENERAL;
}
ControlService
import auth.UserLevel;
import auth.UserType;

public class ControlService {
    @UserLevel(type=UserType.ADMIN)
    public String[] getUsers() {
        return new String[] { };
    }

    @UserLevel(type=UserType.SYSTEM)
    public String[] getCommands() {
        return new String[] { };
    }

    @UserLevel(type=UserType.GENERAL)
    public String[] getCategories() {
        return new String[] { };
    }
}
UserServiceAccessCheck
import java.lang.reflect.Method;

import auth.UserLevel;
import auth.UserType;

public class UserServiceAccessCheck {
    public static void requestMethods(Class<?> serviceClass, UserType type) {
        System.out.printf("Methods accessible to %s users...%n", type);

        int allowed = 0,
            disallowed = 0,
            count = 0,
            ignore = 0; // never incremented: methods without @UserLevel are skipped

        for (Method method : serviceClass.getDeclaredMethods()) {
            if (method.isAnnotationPresent(UserLevel.class)) {
                UserLevel level = method.getAnnotation(UserLevel.class);

                // Allowed when the method's required level is at or below the caller's privilege.
                if (level.type().getLevel() >= type.getLevel()) {
                    try {
                        // Class.newInstance() is deprecated since Java 9; use the constructor.
                        method.invoke(serviceClass.getDeclaredConstructor().newInstance());
                        System.out.printf(" %s - Can access? %-13s - allowed %n", ++count, method.getName());
                        allowed++;
                    } catch (Throwable ex) {
                        System.out.printf(" %s - Can access? %-13s - disallowed: %s %n", ++count, method.getName(), ex.getCause());
                        disallowed++;
                    }
                } else {
                    System.out.printf(" %s - Can access? %-13s - disallowed%n", ++count, method.getName());
                    disallowed++;
                }
            }
        }

        System.out.printf("%nResult : Total : %d, Allowed: %d, Disallowed: %d, Ignore: %d%n%n",
                count, allowed, disallowed, ignore);
    }

    public static void main(String[] args) throws Exception {
        // Run the same check once for every user type.
        for (UserType type : UserType.values()) {
            requestMethods(ControlService.class, type);
        }
    }
}
Output
Methods accessible to ADMIN users...
1 - Can access? getUsers - allowed
2 - Can access? getCommands - allowed
3 - Can access? getCategories - allowed
Result : Total : 3, Allowed: 3, Disallowed: 0, Ignore: 0
Methods accessible to SYSTEM users...
1 - Can access? getUsers - disallowed
2 - Can access? getCommands - allowed
3 - Can access? getCategories - allowed
Result : Total : 3, Allowed: 2, Disallowed: 1, Ignore: 0
Methods accessible to GENERAL users...
1 - Can access? getUsers - disallowed
2 - Can access? getCommands - disallowed
3 - Can access? getCategories - allowed
Result : Total : 3, Allowed: 1, Disallowed: 2, Ignore: 0
Methods accessible to NONE users...
1 - Can access? getUsers - disallowed
2 - Can access? getCommands - disallowed
3 - Can access? getCategories - disallowed
Result : Total : 3, Allowed: 0, Disallowed: 3, Ignore: 0
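The answer's check runs in a separate test harness; the sketch below is an added example (not code from the original answer) that applies the same `@UserLevel` comparison at the call boundary with a `java.lang.reflect.Proxy`, so a denied call throws instead of executing. The `Control` interface, `ControlImpl`, `guard`, `attempt`, the `getAuditLog` method and the sample data are assumptions made for the illustration; unannotated methods are denied by default.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;

public class GuardedServiceDemo {
    enum UserType {                       // same ordering as the answer: lower value = more privilege
        ADMIN(Integer.MIN_VALUE), SYSTEM(10000), GENERAL(20000), NONE(Integer.MAX_VALUE);
        final int level;
        UserType(int level) { this.level = level; }
    }
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface UserLevel { UserType type(); }
    interface Control {                   // hypothetical interface; the answer annotates a class
        @UserLevel(type = UserType.ADMIN)   String[] getUsers();
        @UserLevel(type = UserType.GENERAL) String[] getCategories();
        String[] getAuditLog();           // unannotated on purpose: denied by default
    }
    static class ControlImpl implements Control {   // constructed sample data
        public String[] getUsers()      { return new String[] {"alice", "bob"}; }
        public String[] getCategories() { return new String[] {"email", "bank"}; }
        public String[] getAuditLog()   { return new String[] {"login alice"}; }
    }

    /** Returns a proxy that checks the caller's level before any call reaches target. */
    static <T> T guard(Class<T> iface, T target, UserType caller) {
        InvocationHandler handler = (proxy, method, args) -> {
            UserLevel required = method.getAnnotation(UserLevel.class);
            boolean objectMethod = method.getDeclaringClass() == Object.class; // toString etc.
            if (!objectMethod && (required == null || required.type().level < caller.level)) {
                throw new SecurityException(caller + " may not call " + method.getName());
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause();       // surface the service's own exception, not the wrapper
            }
        };
        return iface.cast(Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] {iface}, handler));
    }
    static String attempt(java.util.function.Supplier<String[]> call) {
        try { return "allowed (" + call.get().length + " items)"; }
        catch (SecurityException e) { return "denied: " + e.getMessage(); }
    }
    public static void main(String[] args) {
        for (UserType caller : UserType.values()) {
            Control service = guard(Control.class, new ControlImpl(), caller);
            System.out.printf("%-7s getUsers=%s | getCategories=%s | getAuditLog=%s%n", caller,
                attempt(service::getUsers), attempt(service::getCategories), attempt(service::getAuditLog));
        }
    }
}
```

The guard only covers calls made through the proxy, so callers should never receive the raw `ControlImpl` reference. The `caller` value has to come from an authenticated session rather than from anything the user supplies.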