本文解析了SpringBoot中集成Shiro时未经授权URL设置无效的问题,深入探讨了Shiro源码,指出perms、roles等属于AuthorizationFilter,而anon、authc等属于AuthenticationFilter。通过自定义全局异常处理器,实现权限异常时的友好页面跳转。
SpringBoot中集成Shiro的时候, 配置setUnauthorizedUrl("")了,但是不起作用,只会在控制台打印UnauthorizedException异常信息:
原因:
Shiro源码中是这样做的:
private void applyUnauthorizedUrlIfNecessary(Filter filter) {
String unauthorizedUrl = this.getUnauthorizedUrl();
if(StringUtils.hasText(unauthorizedUrl) && filter instanceof AuthorizationFilter) {
AuthorizationFilter authzFilter = (AuthorizationFilter)filter;
String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl();
if(existingUnauthorizedUrl == null) {
authzFilter.setUnauthorizedUrl(unauthorizedUrl);
}
}
}
只有perms,roles,ssl,rest,port才是属于AuthorizationFilter,而anon,authcBasic,authc,user是AuthenticationFilter,所以unauthorizedUrl设置后不起作用,只会在控制台打印异常信息。
我们可以自定义一个全局统一的异常处理器:
@RestControllerAdvice
public class GlobalExceptionHandler {
private static final Logger log = LoggerFactory.getLogger(GlobalExceptionHandler.class);
/**
* 权限异常处理
*/
@ExceptionHandler(AuthorizationException.class)
public Object handleAuthorizationException(AuthorizationException e) {
log.error(e.getMessage(), e);
if (e instanceof UnauthorizedException) {
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("error/unauth");
return modelAndView;
} else {
return e.getMessage();
}
}
}
参考地址:https://blog.csdn.net/qq_33002015/article/details/82761924?utm_medium=distribute.pc_relevant.none-task-blog-BlogCommendFromBaidu-7&depth_1-utm_source=distribute.pc_relevant.none-task-blog-BlogCommendFromBaidu-7
扫一扫
514
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
