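I recently used the Shiro framework to control user permissions. When a user's permission check failed, the request was not redirected to the page configured as unauthorizedUrl; an exception was thrown directly instead.
Solution:
1. MVC configuration
    <!-- Define the exceptions that need special handling: the key is the class name or fully qualified name, the value is the name of the error view -->
    <property name="exceptionMappings">
        <props>
            <prop key="org.apache.shiro.authz.UnauthorizedException">none_authority</prop>
        </props>
    </property>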
2. web.xml
    <error-page>
        <error-code>500</error-code>
        <location>/error.jsp</location>
    </error-page>
Cause:
From the Shiro source code, ShiroFilterFactoryBean.java:
    private void applyUnauthorizedUrlIfNecessary(Filter filter) {
        String unauthorizedUrl = getUnauthorizedUrl();
        if (StringUtils.hasText(unauthorizedUrl) && (filter instanceof AuthorizationFilter)) {
            AuthorizationFilter authzFilter = (AuthorizationFilter) filter;
            //only apply the unauthorizedUrl if they haven't explicitly configured one already:
            String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl();
            if (existingUnauthorizedUrl == null) {
                authzFilter.setUnauthorizedUrl(unauthorizedUrl);
            }
        }
    }
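The configured filter must satisfy filter instanceof AuthorizationFilter. Only perms, roles, ssl, rest and port are AuthorizationFilter instances, while anon, authcBasic, authc and user are AuthenticationFilter instances, so for those filters the page does not redirect even after unauthorizedUrl has been set.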
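
To see which built-in filters pass the instanceof test above on the Shiro version you actually deploy, the following added example (not from the original post and not Shiro's own code) classifies every entry of Shiro's DefaultFilter enum by base type. It assumes shiro-web and the Servlet API are on the classpath; the class name UnauthorizedUrlCoverage is hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.web.filter.authc.AuthenticationFilter;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import org.apache.shiro.web.filter.mgt.DefaultFilter;

// Hypothetical helper class, written for this example; not part of Shiro.
public class UnauthorizedUrlCoverage {

    /** Maps each built-in filter name (anon, authc, perms, ...) to its relevant base type. */
    static Map<String, String> classify() {
        Map<String, String> result = new LinkedHashMap<>();
        for (DefaultFilter f : DefaultFilter.values()) {
            Class<?> type = f.getFilterClass();
            String kind;
            if (AuthorizationFilter.class.isAssignableFrom(type)) {
                // Same condition as applyUnauthorizedUrlIfNecessary: unauthorizedUrl is set.
                kind = "AuthorizationFilter";
            } else if (AuthenticationFilter.class.isAssignableFrom(type)) {
                // Failures here go to loginUrl, never to unauthorizedUrl.
                kind = "AuthenticationFilter";
            } else {
                kind = "other";
            }
            result.put(f.name(), kind);
        }
        return result;
    }

    public static void main(String[] args) {
        classify().forEach((name, kind) -> System.out.printf(
                "%-18s %-22s %s%n", name, kind,
                "AuthorizationFilter".equals(kind)
                        ? "unauthorizedUrl applied"
                        : "unauthorizedUrl ignored"));
    }
}
```

Any URL pattern guarded only by a filter reported as "unauthorizedUrl ignored" needs the exception mapping or error-page configuration shown earlier if denied requests should land on a controlled page.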