问题:shiro框架控制用户权限,用户权限认证未通过时,无法跳转到unauthorizedUrl对应的页面,直接抛出了异常。
原因:
- private void applyUnauthorizedUrlIfNecessary(Filter filter) {
- String unauthorizedUrl = getUnauthorizedUrl();
- if (StringUtils.hasText(unauthorizedUrl) && (filter instanceof AuthorizationFilter)) {
- AuthorizationFilter authzFilter = (AuthorizationFilter) filter;
- //only apply the unauthorizedUrl if they haven't explicitly configured one already:
- String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl();
- if (existingUnauthorizedUrl == null) {
- authzFilter.setUnauthorizedUrl(unauthorizedUrl);
- }
- }
- }
解决方案:
方案一:
<error-page>
<exception-type>org.apache.shiro.authz.UnauthorizedException</exception-type>
<location>/unauthorized.jsp</location>
</error-page>
方案二:使用perms,roles,ssl,rest,port
方案三:使用@ExceptionHandler(UnauthorizedException.class)