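setUnauthorizedUrl("/403") has no effect in Shiro
I have recently been learning the Shiro framework. When a user lacks permission I wanted to redirect them to a 403 page, but the result was not what I expected. I later found the following solution:
When integrating Shiro into Spring Boot, setUnauthorizedUrl("/403") was configured but has no effect; an UnauthorizedException is only printed to the console.
Exception message:
Cause:
This is what the Shiro source code does: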

    private void applyUnauthorizedUrlIfNecessary(Filter filter) {
        String unauthorizedUrl = this.getUnauthorizedUrl();
        if (StringUtils.hasText(unauthorizedUrl) && filter instanceof AuthorizationFilter) {
            AuthorizationFilter authzFilter = (AuthorizationFilter) filter;
            String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl();
            if (existingUnauthorizedUrl == null) {
                authzFilter.setUnauthorizedUrl(unauthorizedUrl);
            }
        }
    }

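Only perms, roles, ssl, rest and port are AuthorizationFilters, whereas anon, authcBasic, authc and user are AuthenticationFilters, so setting unauthorizedUrl has no effect and only the exception is printed to the console.
Next, we need some configuration to handle the UnauthorizedException ourselves:
1. First approach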
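
    import java.util.Properties;

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;

    @Configuration
    public class ExceptionConf {

        // Map Shiro's UnauthorizedException (by class name) to the "/403" view.
        @Bean
        public SimpleMappingExceptionResolver resolver() {
            SimpleMappingExceptionResolver resolver = new SimpleMappingExceptionResolver();
            Properties properties = new Properties();
            properties.setProperty("org.apache.shiro.authz.UnauthorizedException", "/403");
            resolver.setExceptionMappings(properties);
            return resolver;
        }
    }
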
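Of course, there are other ways to handle it yourself.
For example:
2. Use Spring MVC's unified exception handling type, HandlerExceptionResolver
Define a class that implements HandlerExceptionResolver, then check whether the exception is an UnauthorizedException.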
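
    // javax.servlet is assumed here; newer Spring versions use jakarta.servlet instead.
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.apache.shiro.authz.UnauthorizedException;
    import org.springframework.web.servlet.HandlerExceptionResolver;
    import org.springframework.web.servlet.ModelAndView;

    public class MyExceptionResolver implements HandlerExceptionResolver {

        @Override
        public ModelAndView resolveException(HttpServletRequest httpServletRequest,
                                             HttpServletResponse httpServletResponse,
                                             Object o, Exception e) {
            // Render the "/403" view when Shiro reports a failed authorization check.
            if (e instanceof UnauthorizedException) {
                ModelAndView mv = new ModelAndView("/403");
                return mv;
            }
            // Returning null lets the other resolvers handle every other exception.
            return null;
        }
    }
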
Then register the bean in the application's main class:
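
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.context.annotation.Bean;

    @SpringBootApplication
    public class DemoApplication {

        public static void main(String[] args) {
            SpringApplication.run(DemoApplication.class, args);
        }

        // Register the unified exception handling bean
        @Bean
        public MyExceptionResolver myExceptionResolver() {
            return new MyExceptionResolver();
        }
    }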
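
A third variant of the same idea, as an added example that is not code from the original post: neither resolver above sets an HTTP status, so the "/403" view is sent with the default 200. This sketch handles UnauthorizedException in a @ControllerAdvice, sets the status to 403 and writes an audit log line. The class name UnauthorizedAdvice, the clean() helper, the use of SLF4J and the javax.servlet package are assumptions.

```java
import javax.servlet.http.HttpServletRequest;   // assumption: javax, not jakarta
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.UnauthorizedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.servlet.ModelAndView;

// Hypothetical class name; any @ControllerAdvice bean picked up by component scanning works.
@ControllerAdvice
public class UnauthorizedAdvice {

    private static final Logger log = LoggerFactory.getLogger(UnauthorizedAdvice.class);

    @ExceptionHandler(UnauthorizedException.class)
    public ModelAndView handleUnauthorized(UnauthorizedException e,
                                           HttpServletRequest request,
                                           HttpServletResponse response) {
        // Record who was denied and where, so denied requests can be
        // reviewed and alerted on from the application log.
        Object principal = SecurityUtils.getSubject().getPrincipal();
        log.warn("access denied: principal={} method={} uri={} reason={}",
                clean(principal), clean(request.getMethod()),
                clean(request.getRequestURI()), clean(e.getMessage()));

        // Send a real 403 so clients, proxies and monitoring see the
        // denial instead of a 200 that merely renders an error page.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);

        // Same view name the post uses. The exception detail is not put
        // into the model, so permission names are not shown to the user.
        return new ModelAndView("/403");
    }

    // Hypothetical helper: replace CR/LF so a user-controlled value
    // (for example a username) cannot forge extra log lines.
    private static String clean(Object value) {
        return String.valueOf(value).replaceAll("[\\r\\n]", "_");
    }
}
```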