shiro中unauthorizedUrl不起作用

最新推荐文章于 2021-11-25 14:28:00 发布

weixin_30361641

最新推荐文章于 2021-11-25 14:28:00 发布

阅读量150

点赞数

原文链接：http://www.cnblogs.com/qlong8807/p/5524381.html

版权

解决方法：

在shiro配置文件中添加（异常全路径做key，错误页面做value）

<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
        <property name="exceptionMappings">
            <props>
                <prop key="org.apache.shiro.authz.UnauthorizedException">/403</prop>
            </props>
        </property>
    </bean>

原因：这是因为shiro源代码中判断了filter是否为AuthorizationFilter，只有perms，roles，ssl，rest，port才是属于AuthorizationFilter，而anon，authcBasic，auchc，user是AuthenticationFilter，所以unauthorizedUrl设置后不起作用。

shiro源代码

    private void applyUnauthorizedUrlIfNecessary(Filter filter) {
        String unauthorizedUrl = getUnauthorizedUrl();
        if (StringUtils.hasText(unauthorizedUrl) && (filter instanceof AuthorizationFilter)) {
            AuthorizationFilter authzFilter = (AuthorizationFilter) filter;
            //only apply the unauthorizedUrl if they haven't explicitly configured one already:
            String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl();
            if (existingUnauthorizedUrl == null) {
                authzFilter.setUnauthorizedUrl(unauthorizedUrl);
            }
        }
    }

shiro默认过滤器(10个)

- anon -- org.apache.shiro.web.filter.authc.AnonymousFilter
- authc -- org.apache.shiro.web.filter.authc.FormAuthenticationFilter
- authcBasic -- org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
- perms -- org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
- port -- org.apache.shiro.web.filter.authz.PortFilter
- rest -- org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
- roles -- org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
- ssl -- org.apache.shiro.web.filter.authz.SslFilter
- user -- org.apache.shiro.web.filter.authc.UserFilter
- logout -- org.apache.shiro.web.filter.authc.LogoutFilter

转载于:https://www.cnblogs.com/qlong8807/p/5524381.html