最近學習shiro框架,在用戶沒有權限的情況下想讓其跳轉到403頁面,結果非自己預想的效果。后來找到一個解決辦法如下:
SpringBoot中集成Shiro的時候, 配置setUnauthorizedUrl("/403")了,但是不起作用,只會在控制台打印UnauthorizedException異常信息:
原因:
Shiro源碼中是這樣做的:
private void applyUnauthorizedUrlIfNecessary(Filter filter) { String unauthorizedUrl = this.getUnauthorizedUrl(); if(StringUtils.hasText(unauthorizedUrl) && filter instanceof AuthorizationFilter) { AuthorizationFilter authzFilter = (AuthorizationFilter)filter; String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl(); if(existingUnauthorizedUrl == null) { authzFilter.setUnauthorizedUrl(unauthorizedUrl); } } }
只有perms,roles,ssl,rest,port才是屬於AuthorizationFilter,而anon,authcBasic,authc,user是AuthenticationFilter,所以unauthorizedUrl設置后不起作用,只會在控制台打印異常信息。
接下來,我們需要做一些配置,自己來處理UnauthorizedException異常:
1.第一種方式
@Configuration public class ExceptionConf { @Bean public SimpleMappingExceptionResolver resolver() { SimpleMappingExceptionResolver resolver = new SimpleMappingExceptionResolver(); Properties properties = new Properties(); properties.setProperty("org.apache.shiro.authz.UnauthorizedException", "/403"); resolver.setExceptionMappings(properties); return resolver; } }
當然,還有其他的方法可以自己處理。
比如:
2.用spring mvc的統一異常處理類HandlerExceptionResolver
定義一個類繼承HandlerExceptionResolver,然后判斷UnauthorizedException異常即可。
public class MyExceptionResolver implements HandlerExceptionResolver { @Override public ModelAndView resolveException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) { if (e instanceof UnauthorizedException) { ModelAndView mv = new ModelAndView("/403"); return mv; } return null; } }
然后,在啟動類中注冊該bean
@SpringBootApplication public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } // 注冊統一異常處理bean @Bean public MyExceptionResolver myExceptionResolver() { return new MyExceptionResolver(); } }