为了增加数据的安全性,在数据管理的过程中,我们需要将操作者访问时间,操作者的名称,访问的IP,访问资源的URL,执行时长,访问方法记录下来存储到数据库中,并可以通过页面查看。
日志表syslog
SysLog类
1 package club.nipengfei.ssm.domain;
2
3 import java.util.Date;
4
5 public class SysLog {
6 private String id;
7 private Date visitTime;
8 private String visitTimeStr;
9 private String username;
10 private String ip;
11 private String url;
12 private Long executionTime;
13 private String method;
14
15 public String getId() {
16 return id;
17 }
18
19 public void setId(String id) {
20 this.id = id;
21 }
22
23 public Date getVisitTime() {
24 return visitTime;
25 }
26
27 public void setVisitTime(Date visitTime) {
28 this.visitTime = visitTime;
29 }
30
31 public String getVisitTimeStr() {
32 return visitTimeStr;
33 }
34
35 public void setVisitTimeStr(String visitTimeStr) {
36 this.visitTimeStr = visitTimeStr;
37 }
38
39 public String getUsername() {
40 return username;
41 }
42
43 public void setUsername(String username) {
44 this.username = username;
45 }
46
47 public String getIp() {
48 return ip;
49 }
50
51 public void setIp(String ip) {
52 this.ip = ip;
53 }
54
55 public String getUrl() {
56 return url;
57 }
58
59 public void setUrl(String url) {
60 this.url = url;
61 }
62
63 public Long getExecutionTime() {
64 return executionTime;
65 }
66
67 public void setExecutionTime(Long executionTime) {
68 this.executiOnTime= executionTime;
69 }
70
71 public String getMethod() {
72 return method;
73 }
74
75 public void setMethod(String method) {
76 this.method = method;
77 }
78 }
注意该类作为切面类需要注解@Aspect
在该切面类内创建一个前置通知@Before("execution(* club.nipengfei.ssm.controller.*.*(..))"),一个后置通知@After("execution(* club.nipengfei.ssm.controller.*.*(..))"),注解内的属性表示切入点表达式,在这里表示controller包下的所有类。
直接在前置通知内new一个Date()
1 // 获取当前操作的用户
2 SecurityContext cOntext= SecurityContextHolder.getContext();
3 User user =(User) context.getAuthentication().getPrincipal();
4 String username = user.getUsername();
先在web.xml中新增一个监听器
1 <listener>
2 <listener-class>org.springframework.web.context.request.RequestContextListenerlistener-class>
3 listener>
通过getRemoteAddr()方法获取IP
1 // 获取IP地址
2 String ip = request.getRemoteAddr();
思路:获取类上注解的@RequestMapping的属性值和方法上注解@RequestMapping的属性值,并将两者拼接。
获取类上注解属性值:通过反射获取操作的类,使用getAnnotation(RequestMapping.class)方法获取@RequestMapping注解,使用value()获取属性
获取方法上注解属性值:通过反射获取操作的类,使用getMethod()方法获取方法,使用getAnnotation(RequestMapping.class)方法获取@RequestMapping注解,使用value()获取属性
具体代码放下面。
在后置通知内new一个Date()减去前置通知的Date()。
1 // 获取访问时长
2 long time = new Date().getTime()-visitTime.getTime();
通过类的getMethod()方法获取方法。
注意:有些方法含参,有些不含参需要分开处理。
1 @Before("execution(* club.nipengfei.ssm.controller.*.*(..))")
2 public void doBefore(JoinPoint jp) throws NoSuchMethodException {
3 visitTime = new Date(); // 当前时间就是开始访问的类
4 clazz = jp.getTarget().getClass(); // 具体访问的类
5 String methodName = jp.getSignature().getName(); // 获取访问方法名称
6 Object[] args = jp.getArgs(); // 获取访问方法参数
7
8 // 获取具体执行方法Method对象
9 if (args==null || args.length==0){
10 method = clazz.getMethod(methodName);
11 } else {
12 Class[] classArgs = new Class[args.length];
13 for (int i=0;i
14 classArgs[i] = args[i].getClass();
15 }
16 method = clazz.getMethod(methodName,classArgs);
17 }
18 }
LogAop类的代码:
1 package club.nipengfei.ssm.controller;
2
3 import club.nipengfei.ssm.domain.SysLog;
4 import club.nipengfei.ssm.service.ISysLogService;
5 import org.aspectj.lang.JoinPoint;
6 import org.aspectj.lang.annotation.After;
7 import org.aspectj.lang.annotation.Aspect;
8 import org.aspectj.lang.annotation.Before;
9 import org.springframework.beans.factory.annotation.Autowired;
10 import org.springframework.security.core.context.SecurityContext;
11 import org.springframework.security.core.context.SecurityContextHolder;
12 import org.springframework.security.core.userdetails.User;
13 import org.springframework.stereotype.Component;
14 import org.springframework.web.bind.annotation.RequestMapping;
15
16 import javax.servlet.http.HttpServletRequest;
17 import java.lang.reflect.Method;
18 import java.util.Date;
19
20 @Component
21 @Aspect
22 public class LogAop {
23
24 @Autowired
25 private HttpServletRequest request;
26
27 @Autowired
28 private ISysLogService sysLogService;
29
30 private Date visitTime; // 开始时间
31 private Class clazz; // 访问的类
32 private Method method; // 访问的方法
33
34 // 前置通知 主要获取开始时间,执行的类哪一个,执行的哪一个方法
35 @Before("execution(* club.nipengfei.ssm.controller.*.*(..))")
36 public void doBefore(JoinPoint jp) throws NoSuchMethodException {
37 visitTime = new Date(); // 当前时间就是开始访问的类
38 clazz = jp.getTarget().getClass(); // 具体访问的类
39 String methodName = jp.getSignature().getName(); // 获取访问方法名称
40 Object[] args = jp.getArgs(); // 获取访问方法参数
41
42 // 获取具体执行方法Method对象
43 if (args==null || args.length==0){
44 method = clazz.getMethod(methodName);
45 } else {
46 Class[] classArgs = new Class[args.length];
47 for (int i=0;i
48 classArgs[i] = args[i].getClass();
49 }
50 method = clazz.getMethod(methodName,classArgs);
51 }
52 }
53
54 // 后置通知
55 @After("execution(* club.nipengfei.ssm.controller.*.*(..))")
56 public void doAfter(JoinPoint jp) throws Exception {
57
58 // 获取访问时长
59 long time = new Date().getTime()-visitTime.getTime();
60
61 String url = "";
62 // 获取url
63 if (clazz != null && method !=null && clazz!=LogAop.class){
64 // 获取类的@RequestMapping("/orders")
65 RequestMapping clazzAnnotation =(RequestMapping) clazz.getAnnotation(RequestMapping.class);
66 if (clazzAnnotation != null){
67 String[] classValue = clazzAnnotation.value();
68 // 获取方法上的@RequestMapping("xxx")
69 RequestMapping methodAnnotation = method.getAnnotation(RequestMapping.class);
70 if (methodAnnotation != null){
71 String[] methodValue = methodAnnotation.value();
72 url=classValue[0]+methodValue[0];
73
74 // 获取IP地址
75 String ip = request.getRemoteAddr();
76
77 // 获取当前操作的用户
78 SecurityContext cOntext= SecurityContextHolder.getContext();
79 User user =(User) context.getAuthentication().getPrincipal();
80 String username = user.getUsername();
81
82 // 将日志相关信息封装到SysLog对象
83 SysLog sysLog = new SysLog();
84 sysLog.setExecutionTime(time);
85 sysLog.setIp(ip);
86 sysLog.setMethod("[类名] "+clazz.getName()+"[方法名] "+method.getName());
87 sysLog.setUrl(url);
88 sysLog.setUsername(username);
89 sysLog.setVisitTime(visitTime);
90
91 // 调用service完成操作
92 sysLogService.save(sysLog);
93 }
94 }
95
96 }
97 }
98 }
1 package club.nipengfei.ssm.service.impl;
2
3 import club.nipengfei.ssm.dao.ISysLogDao;
4 import club.nipengfei.ssm.domain.SysLog;
5 import club.nipengfei.ssm.service.ISysLogService;
6 import org.springframework.beans.factory.annotation.Autowired;
7 import org.springframework.stereotype.Service;
8 import org.springframework.transaction.annotation.Transactional;
9
10 import java.util.List;
11
12 @Service
13 @Transactional
14 public class SysLogServiceImpl implements ISysLogService {
15
16 @Autowired
17 private ISysLogDao sysLogDao;
18
19 @Override
20 public void save(SysLog sysLog) throws Exception {
21 sysLogDao.save(sysLog);
22 }
23
24 }
1 package club.nipengfei.ssm.dao;
2
3 import club.nipengfei.ssm.domain.SysLog;
4 import org.apache.ibatis.annotations.Insert;
5 import org.apache.ibatis.annotations.Select;
6
7 import java.util.List;
8
9 public interface ISysLogDao {
10
11 @Insert("insert into syslog(visitTime,username,ip,url,executionTime,method) values(#{visitTime},#{username},#{ip},#{url},#{executionTime},#{method})")
12 public void save(SysLog sysLog) throws Exception;
13
14 }
当点击订单管理时发现,不能正常访问
查看资料发现因为该findAll方法传入的形参是int类型,而我们的切面类通过反射获取该类的方法时传入的参数Integer类型。将findAll方法的int改为Integer,发现能正常访问了。
流程分析图:
1 package club.nipengfei.ssm.dao;
2
3 import club.nipengfei.ssm.domain.SysLog;
4 import org.apache.ibatis.annotations.Insert;
5 import org.apache.ibatis.annotations.Select;
6
7 import java.util.List;
8
9 public interface ISysLogDao {
10
11 @Insert("insert into syslog(visitTime,username,ip,url,executionTime,method) values(#{visitTime},#{username},#{ip},#{url},#{executionTime},#{method})")
12 public void save(SysLog sysLog) throws Exception;
13
14 @Select("select * from sysLog")
15 List
16 }
1 package club.nipengfei.ssm.service.impl;
2
3 import club.nipengfei.ssm.dao.ISysLogDao;
4 import club.nipengfei.ssm.domain.SysLog;
5 import club.nipengfei.ssm.service.ISysLogService;
6 import org.springframework.beans.factory.annotation.Autowired;
7 import org.springframework.stereotype.Service;
8 import org.springframework.transaction.annotation.Transactional;
9
10 import java.util.List;
11
12 @Service
13 @Transactional
14 public class SysLogServiceImpl implements ISysLogService {
15
16 @Autowired
17 private ISysLogDao sysLogDao;
18
19 @Override
20 public void save(SysLog sysLog) throws Exception {
21 sysLogDao.save(sysLog);
22 }
23
24 @Override
25 public List
26 return sysLogDao.findAll();
27 }
28 }
1 package club.nipengfei.ssm.controller;
2
3 import club.nipengfei.ssm.domain.SysLog;
4 import club.nipengfei.ssm.service.ISysLogService;
5 import org.springframework.beans.factory.annotation.Autowired;
6 import org.springframework.stereotype.Controller;
7 import org.springframework.web.bind.annotation.RequestMapping;
8 import org.springframework.web.servlet.ModelAndView;
9
10 import java.util.List;
11
12 @Controller
13 @RequestMapping("/sysLog")
14 public class SysLogController {
15
16 @Autowired
17 private ISysLogService sysLogService;
18
19 @RequestMapping("/findAll.do")
20 public ModelAndView findAll() throws Exception {
21 ModelAndView mv = new ModelAndView();
22 List
23 mv.addObject("sysLogs",sysLogList);
24 mv.setViewName("syslog-list");
25 return mv;
26 }
27 }