(zlt尼玛银行),原创文章,转发请注明出处:http://write.blog.csdn.net/postedit
源码ShiroFilterFactoryBean.java
private void applyUnauthorizedUrlIfNecessary(Filter filter) {
String unauthorizedUrl = getUnauthorizedUrl();
if (StringUtils.hasText(unauthorizedUrl) && (filter instanceof AuthorizationFilter)) {
AuthorizationFilter authzFilter = (AuthorizationFilter) filter;
//only apply the unauthorizedUrl if they haven't explicitly configured one already:
String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl();
if (existingUnauthorizedUrl == null) {
authzFilter.setUnauthorizedUrl(unauthorizedUrl);
}
}
}
定义的filter必须满足filter instanceof AuthorizationFilter,只有perms,roles,ssl,rest,port才是属于AuthorizationFilter,而anon,authcBasic,auchc,user是AuthenticationFilter,所以unauthorizedUrl设置后页面不跳转
解决方法要么就使用perms,roles,ssl,rest,port,要不请看如下解决办法
<!-- 没有权限时跳转的url -->
<property name="unauthorizedUrl" value="/Manage/Unauth/unauth.do"></property>
解决办法
自定义异常类Reslover 捕捉异常,如果异常为无权限异常就手动就是转发到无权页面。
/**
*
* 类名称:MyExceptionResolver.java
* 类描述:
* @author lsq
* 作者单位:
* 联系方式:QQ237442461
* @version 1.0
*/
public class MyExceptionResolver implements HandlerExceptionResolver{
public ModelAndView resolveException(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex) {
// TODO Auto-generated method stub
System.out.println("==============异常开始=============");
//如果是shiro无权操作,因为shiro 在操作auno等一部分不进行转发至无权限url
if(ex instanceof UnauthorizedException){
ModelAndView mv = new ModelAndView("manage/unauth/index");
return mv;
}
ex.printStackTrace();
System.out.println("==============异常结束=============");
ModelAndView mv = new ModelAndView("error");
mv.addObject("exception", ex.toString().replaceAll("\n", "<br/>"));
return mv;
}
}
Spring-mvc 配置自定义异常
<!-- 自定义异常处理-->
<bean id="exceptionResolver" class="com.ljy.manage.resolver.MyExceptionResolver"></bean>