setUnauthorizedUrl("/403")不起作用,不能設定沒有許可權的跳轉頁面
阿新 • • 發佈:2018-12-20
SpringBoot中整合Shiro的時候, 配置setUnauthorizedUrl("/403")了,但是不起作用,只會在控制檯列印UnauthorizedException
異常資訊:
原因:
Shiro原始碼中是這樣做的:
private void applyUnauthorizedUrlIfNecessary(Filter filter) { String unauthorizedUrl = this.getUnauthorizedUrl(); if(StringUtils.hasText(unauthorizedUrl) && filter instanceof AuthorizationFilter) { AuthorizationFilter authzFilter = (AuthorizationFilter)filter; String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl(); if(existingUnauthorizedUrl == null) { authzFilter.setUnauthorizedUrl(unauthorizedUrl); } } }
只有perms,roles,ssl,rest,port才是屬於AuthorizationFilter,而anon,authcBasic,authc,user是AuthenticationFilter,所以unauthorizedUrl設定後不起作用,只會在控制檯列印異常資訊。
接下來,我們需要做一些配置,自己來處理UnauthorizedException異常:
1.第一種方式
public class MyExceptionResolver implements HandlerExceptionResolver { @Override public ModelAndView resolveException(HttpServletRequest httpServletRequest,HttpServletResponse httpServletResponse, Object o, Exception e) { if (e instanceof UnauthorizedException) { ModelAndView mv = new ModelAndView("/403"); return mv; } return null; } }
當然,還有其他的方法可以自己處理。
比如:
2.用spring mvc的統一異常處理類HandlerExceptionResolver
定義一個類繼承HandlerExceptionResolver
,然後判斷UnauthorizedException
異常即可。
public class MyExceptionResolver implements HandlerExceptionResolver { @Override public ModelAndView resolveException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) { if (e instanceof UnauthorizedException) { ModelAndView mv = new ModelAndView("/403"); return mv; } return null; } }
然後,在啟動類中註冊該bean
@SpringBootApplication
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
// 註冊統一異常處理bean
@Bean
public MyExceptionResolver myExceptionResolver() {
return new MyExceptionResolver();
}
}