setUnauthorizedUrl("/403")不起作用
SpringBoot中集成Shiro的時候, 配置setUnauthorizedUrl("/403")了,但是不起作用,只會在控制檯打印UnauthorizedException
異常信息:
原因:
Shiro源碼中是這樣做的:
private void applyUnauthorizedUrlIfNecessary(Filter filter) {
String unauthorizedUrl = this.getUnauthorizedUrl();
if(StringUtils.hasText(unauthorizedUrl) && filter instanceof AuthorizationFilter) {
AuthorizationFilter authzFilter = (AuthorizationFilter)filter;
String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl();
if(existingUnauthorizedUrl == null) {
authzFilter.setUnauthorizedUrl(unauthorizedUrl);
}
}
}
只有perms,roles,ssl,rest,port纔是屬於AuthorizationFilter,而anon,authcBasic,authc,user是AuthenticationFilter,所以unauthorizedUrl設置後不起作用,只會在控制檯打印異常信息。
接下來,我們需要做一些配置,自己來處理UnauthorizedException異常:
1.第一種方式
@Configuration
public class ExceptionConf {
@Bean
public SimpleMappingExceptionResolver resolver() {
SimpleMappingExceptionResolver resolver = new SimpleMappingExceptionResolver();
Properties properties = new Properties();
properties.setProperty("org.apache.shiro.authz.UnauthorizedException", "/403");
resolver.setExceptionMappings(properties);
return resolver;
}
}
當然,還有其他的方法可以自己處理。
比如:
2.用spring mvc的統一異常處理類HandlerExceptionResolver
定義一個類繼承HandlerExceptionResolver
,然後判斷UnauthorizedException
異常即可。
public class MyExceptionResolver implements HandlerExceptionResolver {
@Override
public ModelAndView resolveException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) {
if (e instanceof UnauthorizedException) {
ModelAndView mv = new ModelAndView("/403");
return mv;
}
return null;
}
}
然後,在啓動類中註冊該bean
@SpringBootApplication
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
// 註冊統一異常處理bean
@Bean
public MyExceptionResolver myExceptionResolver() {
return new MyExceptionResolver();
}
}