SpringBoot中集成Shiro的时候, 配置setUnauthorizedUrl(“”)了,但是不起作用,只会在控制台打印UnauthorizedException异常信息:
原因:
Shiro源码中是这样做的:
private void applyUnauthorizedUrlIfNecessary(Filter filter) {
String unauthorizedUrl = this.getUnauthorizedUrl();
if(StringUtils.hasText(unauthorizedUrl) && filter instanceof AuthorizationFilter) {
AuthorizationFilter authzFilter = (AuthorizationFilter)filter;
String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl();
if(existingUnauthorizedUrl == null) {
authzFilter.setUnauthorizedUrl(unauthorizedUrl);
}
}
}
只有perms,roles,ssl,rest,port才是属于AuthorizationFilter,而anon,authcBasic,authc,user是AuthenticationFilter,所以unauthorizedUrl设置后不起作用,只会在控制台打印异常信息。
我们可以自定义一个全局统一的异常处理器:
@RestControllerAdvice
public class GlobalExceptionHandler {
private static final Logger log = LoggerFactory.getLogger(GlobalExceptionHandler.class);
/**
* 权限异常处理
*/
@ExceptionHandler(AuthorizationException.class)
public Object handleAuthorizationException(AuthorizationException e) {
log.error(e.getMessage(), e);
if (e instanceof UnauthorizedException) {
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("error/unauth");
return modelAndView;
} else {
return e.getMessage();
}
}
}
参考地址:https://blog.csdn.net/qq_33002015/article/details/82761924?utm_medium=distribute.pc_relevant.none-task-blog-BlogCommendFromBaidu-7&depth_1-utm_source=distribute.pc_relevant.none-task-blog-BlogCommendFromBaidu-7