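When a client-side user requests an endpoint that requires a role the user does not have, an UnauthorizedException is usually thrown.
The default way to handle this exception is to configure
org.springframework.web.servlet.handler.SimpleMappingExceptionResolver
in springmvc.xml, as follows: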
<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
    <property name="exceptionMappings">
        <props>
            <!-- Forward these exceptions to JSP error pages -->
            <prop key="org.apache.shiro.authz.UnauthorizedException">/unauthorized.jsp</prop>
            <prop key="org.apache.shiro.authz.UnauthenticatedException">/unauthenticated.jsp</prop>
        </props>
    </property>
</bean>
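If in this situation you do not need to redirect to another page and only need to return a result to the client, you have to customize the
SimpleMappingExceptionResolver
used here, mainly by overriding doResolveException: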
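import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.servlet.ModelAndView;
import com.google.gson.Gson;
// BaseResult and RespMSG are the project's own classes.

@Override
protected ModelAndView doResolveException(HttpServletRequest request, HttpServletResponse response,
        Object handler, Exception ex) {
    try {
        // Build the result object that is returned to the client instead of a view.
        BaseResult result = new BaseResult();
        if (ex instanceof UnauthorizedException) {
            result.setMsg(RespMSG.MSG_UNAUTHORIZED);
            result.setStatus(RespMSG.STATUS_UNAUTHORIZED);
        } else if (ex instanceof UnauthenticatedException) {
            result.setMsg(RespMSG.MSG_UNAUTHENTICATED);
            result.setStatus(RespMSG.STATUS_UNAUTHENTICATED);
        } else {
            result.setMsg(RespMSG.MSG_FAILLED);
            result.setStatus(RespMSG.STATUS_FAILLED);
        }
        // The body is JSON, so declare it as JSON; text/html would let a browser render it as markup.
        response.setContentType("application/json;charset=UTF-8");
        PrintWriter writer = response.getWriter();
        writer.write(new Gson().toJson(result));
        writer.flush();
    } catch (IOException e) {
        e.printStackTrace();
    }
    // An empty ModelAndView tells DispatcherServlet the exception has been handled;
    // returning null would mark it as unresolved and the exception would propagate further.
    return new ModelAndView();
}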
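
An added example, not code from the original page: a resolver that returns JSON only to API clients and keeps the JSP mappings from springmvc.xml for ordinary page requests, with HTTP status codes that separate the two Shiro exceptions. The class name, the wantsJson heuristic and the JSON field names are assumptions made for this illustration.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;
import com.google.gson.Gson;

// Hypothetical class name; register it in springmvc.xml in place of the stock resolver bean.
public class JsonAwareExceptionResolver extends SimpleMappingExceptionResolver {
    // Assumption: API clients send "Accept: application/json" or the
    // X-Requested-With header that common AJAX libraries add.
    static boolean wantsJson(HttpServletRequest request) {
        String accept = request.getHeader("Accept");
        return (accept != null && accept.contains("application/json"))
                || "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));
    }

    @Override
    protected ModelAndView doResolveException(HttpServletRequest request, HttpServletResponse response,
            Object handler, Exception ex) {
        if (!wantsJson(request)) {
            // Page requests keep the exceptionMappings -> JSP behaviour.
            return super.doResolveException(request, response, handler, ex);
        }
        // 401: no authenticated subject; 403: authenticated but lacking the role.
        int status = ex instanceof UnauthenticatedException ? HttpServletResponse.SC_UNAUTHORIZED
                : ex instanceof UnauthorizedException ? HttpServletResponse.SC_FORBIDDEN
                : HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        // Fixed strings only: ex.getMessage() may name the missing role or permission.
        String msg = status == 401 ? "unauthenticated" : status == 403 ? "unauthorized" : "failed";
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("status", status);
        body.put("msg", msg);
        try {
            response.setStatus(status);
            response.setContentType("application/json;charset=UTF-8");
            response.setHeader("X-Content-Type-Options", "nosniff");
            response.getWriter().write(new Gson().toJson(body));
        } catch (IOException e) {
            logger.warn("Could not write JSON error response", e);
        }
        return new ModelAndView(); // empty view: the exception is handled
    }
}
```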