81,092
社区成员
发帖
与我相关
我的任务
分享springBoot集成shiro做用户访问权限时遇到方法没权限访问,但是不跳到配置的页面
shirFilter配置如下:
没权限的时候控制台报错如下:
org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [userInfo:del]
at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:323)
at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205)
at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84)
at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:100)
-------此处省略
Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.kfit.zzy.controller.loginController.helloJsp(java.util.Map,org.springframework.ui.Model)
at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90)
... 73 more
DEBUG [http-nio-8080-exec-4] - Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@32697fab
ERROR [http-nio-8080-exec-4] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [userInfo:del]] with root cause
org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.kfit.zzy.controller.loginController.helloJsp(java.util.Map,org.springframework.ui.Model)
--------此处省略
在有权限的情况下正常访问,请问这是我什么地方配置有问题吗?
没权限的时候控制台报错如下:
org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [userInfo:del]
at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:323)
at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205)
at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84)
at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:100)
-------此处省略
Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.kfit.zzy.controller.loginController.helloJsp(java.util.Map,org.springframework.ui.Model)
at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90)
... 73 more
DEBUG [http-nio-8080-exec-4] - Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@32697fab
ERROR [http-nio-8080-exec-4] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [userInfo:del]] with root cause
org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.kfit.zzy.controller.loginController.helloJsp(java.util.Map,org.springframework.ui.Model)
--------此处省略
在有权限的情况下正常访问,请问这是我什么地方配置有问题吗?
...全文
请发表友善的回复…
发表回复
eternity_zzy 2017-11-16
- 打赏
- 举报
@weixin_39164352
eternity_zzy 2017-11-16
- 打赏
- 举报
若是需要提交数据并跳转页面可以直接提交form表单,不用ajax 若是ajax的话直接写个function window.location.href就OK
weixin_39164352 2017-11-14
- 打赏
- 举报
@enernity_zzy 前台用的ajax怎么做页面跳转
eternity_zzy 2017-11-13
- 打赏
- 举报
@m0_38129817 我直接用@ControllerAdvice来捕获UnauthorizedException.class的异常了
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
@ControllerAdvice
public class exceptionController {
@ExceptionHandler(value = UnauthorizedException.class)//处理访问方法时权限不足问题
public String defaultErrorHandler(HttpServletRequest req, Exception e) {
return "403";
}
}
无敌散狗 2017-11-07
- 打赏
- 举报
我也遇到这个问题,我解决的办法是在拦截器 加上权限控制代码perms[userInfo:add,userInfo:del],具体看一下拦截器,perms【】数组里面我是写死的方便测试,可以动态加载。
// 拦截器.
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
// 配置退出过滤器,其中的具体的退出代码Shiro已经替我们实现了
filterChainDefinitionMap.put("/logout", "logout");
// <!-- 过滤链定义,从上向下顺序执行,一般将 /**放在最为下边 -->:这是一个坑呢,一不小心代码就不好使了;
// <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
filterChainDefinitionMap.put("/welcome.html", "anon");
filterChainDefinitionMap.put("/403.html", "roles");
filterChainDefinitionMap.put("/403", "roles");
filterChainDefinitionMap.put("/info/**", "authc,perms[userInfo:add,userInfo:del]");//解决办法是加上这行代码
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
以上是我解决的办法,希望可以帮到你
