shiro无权限访问时unauthorizedUrl不起作用

/**
     * 读ShiroFilterFactoryBean源码可知,只有满足一下条件没有权限访问的时候才会跳转到配置的unauthorizedUrl页面
     * if (StringUtils.hasText(unauthorizedUrl) && (filter instanceof AuthorizationFilter)) {
     * 由于此处是认证过滤器,非授权过滤器,所以,访问没有权限时,页面会直接报错,很不友好,解决办法:加入spring异常处理
     * @return
     */
    @RequiresPermissions("/user/list.do")
    @RequestMapping("/list.do")
    public String userList() {
        return "user/list";
    }

异常处理配置:

package com.sniper.shiro.security.web.interceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ModelAndView;

/**
 * 异常统一处理,捕获异常,跳转到对应视图
 * @author sniper
 *
 */
public class ShiroExceptionResolver implements HandlerExceptionResolver {

    @Override
    public ModelAndView resolveException(HttpServletRequest request,
            HttpServletResponse response, Object handler, Exception ex) {
        if(ex instanceof UnauthorizedException) {
            return new ModelAndView("redirect:/refuse.jsp");  
        }
        return new ModelAndView("redirect:/exception.jsp");
    }

}

springmvc.xml


转载于:https://my.oschina.net/sniperLi/blog/650627

你可能感兴趣的:(shiro无权限访问时unauthorizedUrl不起作用)