setUnauthorizedUrl("") has no effect: the redirect page for unauthorized access cannot be set


When integrating Shiro into Spring Boot, setUnauthorizedUrl("") was configured but has no effect; only the UnauthorizedException message is printed to the console.

Cause:

This is what the Shiro source code does:


private void applyUnauthorizedUrlIfNecessary(Filter filter) {
    String unauthorizedUrl = this.getUnauthorizedUrl();
    // The URL is only pushed down to filters that are AuthorizationFilter instances.
    if (StringUtils.hasText(unauthorizedUrl) && filter instanceof AuthorizationFilter) {
        AuthorizationFilter authzFilter = (AuthorizationFilter) filter;
        String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl();
        // A URL already set on the filter itself is left untouched.
        if (existingUnauthorizedUrl == null) {
            authzFilter.setUnauthorizedUrl(unauthorizedUrl);
        }
    }
}

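Only perms, roles, ssl, rest and port are AuthorizationFilter instances, while anon, authcBasic, authc and user are AuthenticationFilter instances, so setting unauthorizedUrl has no effect for them and only the exception message is printed to the console.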
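To check which paths of a given filter chain are covered by this rule, the following added example (not part of the original post or of Shiro itself) applies the same AuthorizationFilter test to each chain definition. The class name UnauthorizedUrlAudit, the helper honoursUnauthorizedUrl and the sample paths, roles and permissions are assumptions made for illustration; it needs shiro-web and the Servlet API on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import org.apache.shiro.web.filter.mgt.DefaultFilter;

public class UnauthorizedUrlAudit {

    /** True if any built-in filter named in the chain definition is an AuthorizationFilter. */
    static boolean honoursUnauthorizedUrl(String chainDefinition) {
        // Drop bracketed arguments first so "perms[a,b]" is not split on its inner comma.
        String namesOnly = chainDefinition.replaceAll("\\[[^\\]]*\\]", "");
        for (String token : namesOnly.split(",")) {
            String name = token.trim();
            if (name.isEmpty()) {
                continue;
            }
            try {
                // DefaultFilter maps the built-in names (anon, authc, perms, ...) to classes.
                Class<?> type = DefaultFilter.valueOf(name).getFilterClass();
                if (AuthorizationFilter.class.isAssignableFrom(type)) {
                    return true;
                }
            } catch (IllegalArgumentException notBuiltIn) {
                // Custom filter name: not a DefaultFilter, inspect its class by hand.
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample chain; paths, role and permission names are placeholders.
        Map<String, String> chain = new LinkedHashMap<>();
        chain.put("/login", "anon");
        chain.put("/admin/**", "authc, roles[admin]");
        chain.put("/reports/**", "authc, perms[report:view,report:export]");
        chain.put("/**", "authc");

        for (Map.Entry<String, String> e : chain.entrySet()) {
            System.out.printf("%-14s %-42s unauthorizedUrl applied: %b%n",
                    e.getKey(), e.getValue(), honoursUnauthorizedUrl(e.getValue()));
        }
    }
}
```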

We can define a single global exception handler instead:

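import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthorizedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.servlet.ModelAndView;

@RestControllerAdvice
public class GlobalExceptionHandler {

    private static final Logger log = LoggerFactory.getLogger(GlobalExceptionHandler.class);

    /**
     * Handles authorization exceptions.
     */
    @ExceptionHandler(AuthorizationException.class)
    public Object handleAuthorizationException(AuthorizationException e) {
        log.error(e.getMessage(), e);
        if (e instanceof UnauthorizedException) {
            // Missing role or permission: render the "error/unauth" view.
            ModelAndView modelAndView = new ModelAndView();
            modelAndView.setViewName("error/unauth");
            return modelAndView;
        } else {
            // Any other authorization failure: the exception message becomes the response body.
            return e.getMessage();
        }
    }
}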

Reference: https://blog.csdn.net/qq_33002015/article/details/82761924?utm_medium=distribute.pc_relevant.none-task-blog-BlogCommendFromBaidu-7&depth_1-utm_source=distribute.pc_relevant.none-task-blog-BlogCommendFromBaidu-7