问题:
spingboot 项目整合shiro 后, 通过注解 @RequirePermissions来进行权限控制
@ResponseBody
@RequestMapping(value = "/detail", method = RequestMethod.POST)
@RequiresPermissions("sys:msg:list")
public ResultEntity detail(Long userId) {
// ...
return ResultEntity.ok();
}
在未登陆的情况下, 访问接口会抛出异常:
This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. A Subject instance will acquire these identifying principals automatically after a successful login is performed ..
解决:
上述异常抛出后, 我们可以使用自定义的拦截器来处理抛出的异常 ; 在自定义异常中 可以自定义返回信息给调用方;
@ExceptionHandler(AuthorizationException.class)
public ResultEntity handleAuthorizationException(AuthorizationException e){
log.error(e.getMessage(), e);
return ResultEntity.error("请联系管理员授权后,登陆操作");
}
参考: https://blog.csdn.net/fly_leopard/article/details/53318492