解决方法:
在shiro配置文件中添加(异常全路径做key,错误页面做value)
<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"> <property name="exceptionMappings"> <props> <prop key="org.apache.shiro.authz.UnauthorizedException">/403</prop> </props> </property> </bean>
原因:这是因为shiro源代码中判断了filter是否为AuthorizationFilter,只有perms,roles,ssl,rest,port才是属于AuthorizationFilter,而anon,authcBasic,auchc,user是AuthenticationFilter,所以unauthorizedUrl设置后不起作用。
shiro源代码
private void applyUnauthorizedUrlIfNecessary(Filter filter) { String unauthorizedUrl = getUnauthorizedUrl(); if (StringUtils.hasText(unauthorizedUrl) && (filter instanceof AuthorizationFilter)) { AuthorizationFilter authzFilter = (AuthorizationFilter) filter; //only apply the unauthorizedUrl if they haven't explicitly configured one already: String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl(); if (existingUnauthorizedUrl == null) { authzFilter.setUnauthorizedUrl(unauthorizedUrl); } } }
shiro默认过滤器(10个)
- anon -- org.apache.shiro.web.filter.authc.AnonymousFilter
- authc -- org.apache.shiro.web.filter.authc.FormAuthenticationFilter
- authcBasic -- org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
- perms -- org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
- port -- org.apache.shiro.web.filter.authz.PortFilter
- rest -- org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
- roles -- org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
- ssl -- org.apache.shiro.web.filter.authz.SslFilter
- user -- org.apache.shiro.web.filter.authc.UserFilter
- logout -- org.apache.shiro.web.filter.authc.LogoutFilter