shiro中unauthorizedUrl不起作用

解决方法:

在shiro配置文件中添加(异常全路径做key,错误页面做value)

<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
        <property name="exceptionMappings">
            <props>
                <prop key="org.apache.shiro.authz.UnauthorizedException">/403</prop>
            </props>
        </property>
    </bean>

原因:这是因为shiro源代码中判断了filter是否为AuthorizationFilter,只有perms,roles,ssl,rest,port才是属于AuthorizationFilter,而anon,authcBasic,auchc,user是AuthenticationFilter,所以unauthorizedUrl设置后不起作用。

shiro源代码

    private void applyUnauthorizedUrlIfNecessary(Filter filter) {
        String unauthorizedUrl = getUnauthorizedUrl();
        if (StringUtils.hasText(unauthorizedUrl) && (filter instanceof AuthorizationFilter)) {
            AuthorizationFilter authzFilter = (AuthorizationFilter) filter;
            //only apply the unauthorizedUrl if they haven't explicitly configured one already:
            String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl();
            if (existingUnauthorizedUrl == null) {
                authzFilter.setUnauthorizedUrl(unauthorizedUrl);
            }
        }
    }

 

shiro默认过滤器(10个) 

    • anon -- org.apache.shiro.web.filter.authc.AnonymousFilter
    • authc -- org.apache.shiro.web.filter.authc.FormAuthenticationFilter
    • authcBasic -- org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
    • perms -- org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
    • port -- org.apache.shiro.web.filter.authz.PortFilter
    • rest -- org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
    • roles -- org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
    • ssl -- org.apache.shiro.web.filter.authz.SslFilter
    • user -- org.apache.shiro.web.filter.authc.UserFilter
    • logout -- org.apache.shiro.web.filter.authc.LogoutFilter

 

posted @ 2016-05-24 18:08  火光闪耀  阅读(12802)  评论(0编辑  收藏  举报