shiro无权限访问时unauthorizedUrl不起作用

/**
     * 读ShiroFilterFactoryBean源码可知，只有满足一下条件没有权限访问的时候才会跳转到配置的unauthorizedUrl页面
     * if (StringUtils.hasText(unauthorizedUrl) && (filter instanceof AuthorizationFilter)) {
     * 由于此处是认证过滤器，非授权过滤器，所以，访问没有权限时，页面会直接报错，很不友好，解决办法：加入spring异常处理
     * @return
     */
    @RequiresPermissions("/user/list.do")
    @RequestMapping("/list.do")
    public String userList() {
        return "user/list";
    }

异常处理配置：

package com.sniper.shiro.security.web.interceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ModelAndView;

/**
 * 异常统一处理，捕获异常，跳转到对应视图
 * @author sniper
 *
 */
public class ShiroExceptionResolver implements HandlerExceptionResolver {

    @Override
    public ModelAndView resolveException(HttpServletRequest request,
            HttpServletResponse response, Object handler, Exception ex) {
        if(ex instanceof UnauthorizedException) {
            return new ModelAndView("redirect:/refuse.jsp");  
        }
        return new ModelAndView("redirect:/exception.jsp");
    }

}

springmvc.xml

<bean id="exceptionResolver" class="com.sniper.shiro.security.web.interceptor.ShiroExceptionResolver"/>