shirFilter配置如下:
没权限的时候控制台报错如下:
org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [userInfo:del]
at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:323)
at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205)
at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84)
at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:100)
-------此处省略
Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.kfit.zzy.controller.loginController.helloJsp(java.util.Map,org.springframework.ui.Model)
at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90)
... 73 more
DEBUG [http-nio-8080-exec-4] - Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@32697fab
ERROR [http-nio-8080-exec-4] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [userInfo:del]] with root cause
org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.kfit.zzy.controller.loginController.helloJsp(java.util.Map,org.springframework.ui.Model)
--------此处省略
在有权限的情况下正常访问,请问这是我什么地方配置有问题吗?
没权限的时候控制台报错如下:
org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [userInfo:del]
at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:323)
at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205)
at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84)
at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:100)
-------此处省略
Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.kfit.zzy.controller.loginController.helloJsp(java.util.Map,org.springframework.ui.Model)
at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90)
... 73 more
DEBUG [http-nio-8080-exec-4] - Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@32697fab
ERROR [http-nio-8080-exec-4] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [userInfo:del]] with root cause
org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.kfit.zzy.controller.loginController.helloJsp(java.util.Map,org.springframework.ui.Model)
--------此处省略
在有权限的情况下正常访问,请问这是我什么地方配置有问题吗?
解决方案 »
- 字符串中有汉字时,想打印出来汉字,怎么写代码?
- JSF传值问题,急!!!!
- 关于tomcat5.5换weblogic10.3的问题,各位高手帮看看
- InstallShield6.2中怎么导出安装包啊?
- spring一个问题非常感谢
- 出版社诚征网络编程高手写书,有哪位高手愿意写的?
- 如何实现用jsp从数据库里读出数据并用POI写入excel
- 请大家帮我看看为什么页面无法显示???
- 为什么项目启动时报java.lang.NoClassDefFoundError: Could not initialize class org.xnio.cha
- MyEclipse2014
- 关于单元测试的controller的调用
- Juint测试DBCP连接时出现java.lang.ExceptionInInitializerError
// 拦截器.
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
// 配置退出过滤器,其中的具体的退出代码Shiro已经替我们实现了
filterChainDefinitionMap.put("/logout", "logout");
// <!-- 过滤链定义,从上向下顺序执行,一般将 /**放在最为下边 -->:这是一个坑呢,一不小心代码就不好使了;
// <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
filterChainDefinitionMap.put("/welcome.html", "anon");
filterChainDefinitionMap.put("/403.html", "roles");
filterChainDefinitionMap.put("/403", "roles");
filterChainDefinitionMap.put("/info/**", "authc,perms[userInfo:add,userInfo:del]");//解决办法是加上这行代码
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
以上是我解决的办法,希望可以帮到你
import javax.servlet.http.HttpServletRequest;import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
@ControllerAdvice
public class exceptionController {
@ExceptionHandler(value = UnauthorizedException.class)//处理访问方法时权限不足问题
public String defaultErrorHandler(HttpServletRequest req, Exception e) {
return "403";
}
}