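Integrating Shiro with Spring Boot: the URL set with the setUnauthorizedUrl method had no effect in repeated tests. If the permission is configured in the ShiroConfiguration class like this: filterChainDefinitionMap.put("/role/roleList.do", "perms[role:roleList]"); then a request without the permission is redirected to the corresponding URL "/auth/unauthorized.do". But when the controller uses @RequiresPermissions(value = {"role:roleList"}) instead, setUnauthorizedUrl has no effect at all!!!
PS: After a lot of searching I found that
anon, authcBasic, authc and user are AuthenticationFilters, while perms, roles, ssl, rest and port are the ones that belong to AuthorizationFilter; setUnauthorizedUrl only takes effect when the configured filter is instanceof AuthorizationFilter.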
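The two code paths described above, side by side in one configuration class. This is an added example, not the original post's code; the SecurityManager bean, the login URL "/auth/login.do" and the "/auth/**" rule are assumptions, and the advisor needs Spring AOP auto-proxying to be active.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfiguration {

    // Assumption: a SecurityManager bean (with the project's Realm) is defined elsewhere.
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager);
        bean.setLoginUrl("/auth/login.do"); // hypothetical login URL
        // Copied only onto chain filters that are AuthorizationFilter instances.
        bean.setUnauthorizedUrl("/auth/unauthorized.do");

        // LinkedHashMap keeps insertion order; the first matching pattern wins.
        Map<String, String> chain = new LinkedHashMap<>();
        chain.put("/auth/**", "anon"); // the unauthorized page itself must stay reachable
        // Path 1: perms is an AuthorizationFilter, so a logged-in user without
        // role:roleList is redirected to the unauthorizedUrl by the filter.
        chain.put("/role/roleList.do", "perms[role:roleList]");
        // Path 2: everything else only passes through authc. A permission check
        // placed on the controller method with @RequiresPermissions runs after the
        // filter chain and throws UnauthorizedException; unauthorizedUrl is never
        // consulted, so the exception has to be handled in the MVC layer.
        chain.put("/**", "authc");
        bean.setFilterChainDefinitionMap(chain);
        return bean;
    }

    // Turns on @RequiresPermissions / @RequiresRoles processing for Spring beans.
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}
```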
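Solution: add a global exception handler class, GlobalExceptionHandler

    import javax.servlet.http.HttpServletRequest;

    import org.apache.shiro.authz.UnauthorizedException;
    import org.springframework.web.bind.annotation.ControllerAdvice;
    import org.springframework.web.bind.annotation.ExceptionHandler;
    import org.springframework.web.bind.annotation.ResponseBody;

    // Body is the project's own response helper and JSONObject comes from the
    // project's JSON library; their imports are not shown on the page.
    @ControllerAdvice
    @ResponseBody
    public class GlobalExceptionHandler {

        // Thrown by @RequiresPermissions when the current user lacks the permission
        @ExceptionHandler(value = UnauthorizedException.class)
        public JSONObject unauthorizedHandler(HttpServletRequest request, Exception exception) throws Exception {
            return Body.toJsonBody(null, "You do not have this permission", Body.AUTH_UNAUTHORIZED);
        }

        // Catch-all: prints the stack trace and returns the exception message to the
        // caller, which may expose internal details to the client
        @ExceptionHandler(value = Exception.class)
        public JSONObject allExceptionHandler(HttpServletRequest request, Exception exception) throws Exception {
            exception.printStackTrace();
            return Body.toJsonBody(null, exception.getMessage(), -1L);
        }
    }
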
Be sure to note:
1. The Spring Boot startup class Application must scan the package that contains GlobalExceptionHandler
2. There can be only one @ControllerAdvice in the project