我有两个属性:
- SecuredOperationAttribute
- ExceptionPolicyAttribute
如果用户不能访问控制器上的操作,那么我会抛出一个自定义的NonAuthorizedException,但我无法在ExceptionPolicyAttribute 上捕捉到它
我的代码:
[LogMethod]
[ExceptionPolicy]
public ActionResult Edit(int id)
{
// some works on here
}
[Serializable]
public class ExceptionPolicyAttribute : OnExceptionAspect
{
private ILog logger;
private string methodName;
public override void CompileTimeInitialize(MethodBase method, AspectInfo aspectInfo)
{
this.methodName = method.DeclaringType.FullName + "." + method.Name;
}
public override void OnException(MethodExecutionArgs args)
{
Guid guid = Guid.NewGuid();
var stringBuilder = new StringBuilder(1024);
// Write the exit message.
stringBuilder.Append(this.methodName);
stringBuilder.Append('(');
// Write the current instance object, unless the method
// is static.
object instance = args.Instance;
if (instance != null)
{
stringBuilder.Append("this=");
stringBuilder.Append(instance);
if (args.Arguments.Count > 0)
stringBuilder.Append("; ");
}
// Write the list of all arguments.
for (int i = 0; i < args.Arguments.Count; i++)
{
if (i > 0)
stringBuilder.Append(", ");
stringBuilder.Append(args.Arguments.GetArgument(i) ?? "null");
}
// Write the exception message.
stringBuilder.AppendFormat("): Exception ");
stringBuilder.Append(args.Exception.GetType().Name);
stringBuilder.Append(": ");
stringBuilder.Append(args.Exception.Message);
logger.Error(stringBuilder.ToString(), args.Exception);
args.FlowBehavior = FlowBehavior.Continue;
}
public override Type GetExceptionType(System.Reflection.MethodBase targetMethod)
{
return typeof(NonAuthorizedException);
}
}
安全属性是:
[Serializable]
public class SecuredOperationAttribute: OnMethodBoundaryAspect
{
public override void OnEntry(MethodExecutionArgs args)
{
IUserManager userManager = new UserManager();
int userId = userManager.GetUserIdFromCookie;
AdminUser adminUser = GenericSessionHelper<AdminUser>.Get(userId.ToString(), State.Session);
if(!User.CanAccess)
{
args.ReturnValue = null;
throw new NonAuthorizedException(string.Format("{0} userId li kullanıcının {1} işlemini yapmak için yetkisi yoktur",userId,args.Method.Name));
}
return;
}
}
什么可能是问题?我使用postsharp的方式不对吗?
我找到了解决方案:我使用的属性如下:
[SecuredOperation]
[ExceptionPolicy]
public ActionResult Edit(int id)
但ExceptionPolicy无法捕获异常。所以我把ExceptionPolicy移到了控制器类的顶部:
[ExceptionPolicy]
public class UserController : BaseAuthorizedUserController
现在它起作用了。