1. Goal
When an authentication or authorization check fails, wrap the exception in a uniform response instead of letting it propagate straight to the user.
2. Preface
In the earlier post, Shiro Access Control (3): Shiro Annotation-Based Authorization (《Shiro權限控制(三):Shiro註解權限驗證》), a failed check threw the exception straight through and its message was rendered on the page. How should these exceptions be handled? Read on.
3. Defining the exception handler class
There are two kinds of exception, authentication (login) failures and authorization (permission) failures, and their exception classes are:
Authentication failure: UnauthenticatedException, AuthenticationException
Authorization failure: UnauthorizedException, AuthorizationException
UnauthenticatedException is what Shiro's annotation interceptor throws when an anonymous subject reaches a @RequiresPermissions, @RequiresRoles or @RequiresAuthentication check; AuthenticationException is thrown by Subject.login() on bad credentials. From the client's point of view both mean "not logged in". Note also that UnauthenticatedException extends AuthorizationException in Shiro's class hierarchy, so a handler that only caught AuthorizationException would report an anonymous user as "no permission"; Spring resolves @ExceptionHandler methods by the closest matching exception type, which is why the more specific class gets its own handler.
So create a BaseController that handles each of them, as follows:
package com.bug.controller;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.UnauthorizedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.ExceptionHandler;

import com.bug.common.JSONParseUtils;

/**
 * Common parent for controllers. Any Shiro exception that escapes a handler
 * method of a subclass is caught here and turned into a small JSON body, so the
 * raw exception (class name, message, stack trace) never reaches the client.
 */
public abstract class BaseController {

    private static final Logger log = LoggerFactory.getLogger(BaseController.class);

    /**
     * Not logged in. UnauthenticatedException comes from Shiro's annotation checks
     * when the subject is anonymous; AuthenticationException comes from Subject.login().
     */
    @ExceptionHandler({ UnauthenticatedException.class, AuthenticationException.class })
    public String authenticationException(HttpServletRequest request, HttpServletResponse response) {
        Map<String, Object> map = new HashMap<>();
        map.put("status", "-1000");
        map.put("message", "not logged in");
        writeJson(map, response);
        return null; // body already written; there is no view to resolve
    }

    /**
     * Logged in but lacking the required role or permission. UnauthenticatedException
     * also extends AuthorizationException, but Spring picks the most specific
     * @ExceptionHandler, so anonymous subjects are routed to the method above.
     */
    @ExceptionHandler({ UnauthorizedException.class, AuthorizationException.class })
    public String authorizationException(HttpServletRequest request, HttpServletResponse response) {
        Map<String, Object> map = new HashMap<>();
        map.put("status", "-1001");
        map.put("message", "no permission");
        writeJson(map, response);
        return null;
    }

    private void writeJson(Map<String, Object> map, HttpServletResponse response) {
        PrintWriter out = null;
        try {
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json; charset=utf-8");
            out = response.getWriter();
            // JSONParseUtils is the project's own helper; any JSON serializer will do here
            out.write(JSONParseUtils.readJsonString(map));
        } catch (IOException e) {
            // The client has most likely gone away; nothing useful can be sent back,
            // so record it rather than swallowing it silently
            log.warn("failed to write error response", e);
        } finally {
            if (out != null) {
                out.close();
            }
        }
    }
}
Explanation:
When authentication fails, the error is returned through authenticationException; when an authorization check fails, it is returned through authorizationException. In both cases the client only sees a fixed status code and a generic message: Shiro's own exception message (which for UnauthorizedException names the missing permission string) stays on the server.
Both handlers answer with HTTP 200 and signal the failure only in the status field of the JSON body. That is fine for a client that reads the body, but if browsers, proxies or API clients should recognise the failure too, call response.setStatus(HttpServletResponse.SC_UNAUTHORIZED) or SC_FORBIDDEN before writing.
Other controllers only need to extend BaseController, as in the UserController below:
package com.bug.controller;

import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import com.bug.common.ResponseVO; // the project's own response wrapper; package assumed

@Controller
@RequestMapping("/user")
public class UserController extends BaseController {

    private static final Logger logger = LoggerFactory.getLogger(UserController.class);

    // Shiro evaluates @RequiresPermissions before the method body runs: an anonymous
    // subject raises UnauthenticatedException, an authenticated one without USER:ADD
    // raises UnauthorizedException, and BaseController turns either into JSON.
    @ResponseBody
    @RequiresPermissions({ "USER:ADD" })
    @RequestMapping(value = "/addUser", method = RequestMethod.GET)
    public ResponseVO<String> addUser() {
        ResponseVO<String> response = new ResponseVO<String>();
        try {
            response.setMessage("add user success");
        } catch (Exception e) {
            logger.error("add user error:", e);
            response.setStatus(ResponseVO.failCode);
        }
        return response;
    }
}
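The BaseController approach only protects controllers that remember to extend it. As an added example (not code from the original post), the same two handlers can be registered once as a @ControllerAdvice bean, which Spring applies to every @Controller in the context, and can set the HTTP status alongside the JSON body. The class name ShiroExceptionAdvice, the use of ResponseEntity (Spring 4.1+ for the builder, Spring 3.2+ for @ControllerAdvice) and the presence of a JSON message converter such as Jackson are assumptions; the status codes -1000/-1001 are kept from the post.

```java
package com.bug.controller;

import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;

/**
 * Added example: a global replacement for the BaseController handlers.
 * Assumes Spring MVC 4.1+ and the Shiro annotation setup from the earlier post.
 */
@ControllerAdvice
public class ShiroExceptionAdvice {

    private static final Logger log = LoggerFactory.getLogger(ShiroExceptionAdvice.class);

    /** Anonymous subject hit a @Requires* check, or Subject.login() failed. */
    @ExceptionHandler({ UnauthenticatedException.class, AuthenticationException.class })
    public ResponseEntity<Map<String, Object>> notLoggedIn(HttpServletRequest request, Exception ex) {
        // Keep the concrete reason (e.g. UnknownAccountException vs
        // IncorrectCredentialsException) in the server log only; the client gets one
        // uniform answer, so it cannot use the message to enumerate valid usernames.
        log.info("unauthenticated request to {} from {}: {}",
                request.getRequestURI(), request.getRemoteAddr(), ex.getClass().getSimpleName());
        return body(HttpStatus.UNAUTHORIZED, "-1000", "not logged in");
    }

    /**
     * Logged in but missing the role or permission. UnauthenticatedException also
     * extends AuthorizationException, but Spring routes it to the more specific
     * handler above, so this method never sees an anonymous subject.
     */
    @ExceptionHandler(AuthorizationException.class)
    public ResponseEntity<Map<String, Object>> forbidden(HttpServletRequest request, AuthorizationException ex) {
        // Shiro's message names the missing permission (e.g. "USER:ADD"); log it,
        // but do not echo it, or the client learns the permission vocabulary.
        log.warn("forbidden request to {} from {}: {}",
                request.getRequestURI(), request.getRemoteAddr(), ex.getMessage());
        return body(HttpStatus.FORBIDDEN, "-1001", "no permission");
    }

    private static ResponseEntity<Map<String, Object>> body(HttpStatus status, String code, String message) {
        Map<String, Object> map = new LinkedHashMap<>();
        map.put("status", code);
        map.put("message", message);
        // ResponseEntity with a Map lets the configured HttpMessageConverter serialise
        // the body, so no hand-written JSON utility is needed.
        return ResponseEntity.status(status).contentType(MediaType.APPLICATION_JSON).body(map);
    }
}
```

Register the class with component scanning (or as a bean) and controllers no longer need a common parent. If a controller still has its own @ExceptionHandler methods, those take precedence over the advice, so the two can coexist during a migration.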
4. Verification
Not logged in, open http://localhost:8080/bug.web/user/addUser: the not-logged-in response is returned (status -1000).
Log in as a user without the USER:ADD permission and open http://localhost:8080/bug.web/user/addUser: the no-permission response is returned (status -1001).
That concludes exception handling for annotation-based authorization!