Shiro Access Control, Part 4: Handling Exceptions from Annotation-Based Checks
1. Goal
When an authentication or authorization check fails, wrap the exception so that it is not thrown straight at the user.
2. Background
In the previous post, "Shiro Access Control: Annotation-Based Checks (Part 3)", a failed check caused the raw exception message to be rendered on the page. How should these exceptions be handled instead? Read on.
3. Define the exception-handling class
There are two kinds of exception, login (authentication) failures and permission (authorization) failures. The corresponding Shiro classes are:
Login (authentication) failures: UnauthenticatedException, AuthenticationException
Permission (authorization) failures: UnauthorizedException, AuthorizationException
So create a BaseController with one handler for each kind, as follows:
```java
package com.bug.controller;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.bind.annotation.ExceptionHandler;

import com.bug.common.JSONParseUtils;

public abstract class BaseController {

    /**
     * Login (authentication) failure: the caller is not logged in.
     *
     * @param request
     * @param response
     * @return null, because the JSON body has already been written to the response
     */
    @ExceptionHandler({ UnauthenticatedException.class, AuthenticationException.class })
    public String authenticationException(HttpServletRequest request, HttpServletResponse response) {
        Map<String, Object> map = new HashMap<>();
        map.put("status", "-1000");
        map.put("message", "not logged in");
        writeJson(map, response);
        return null;
    }

    /**
     * Permission (authorization) failure: logged in, but lacking the required permission.
     *
     * @param request
     * @param response
     * @return null, because the JSON body has already been written to the response
     */
    @ExceptionHandler({ UnauthorizedException.class, AuthorizationException.class })
    public String authorizationException(HttpServletRequest request, HttpServletResponse response) {
        Map<String, Object> map = new HashMap<>();
        map.put("status", "-1001");
        map.put("message", "no permission");
        writeJson(map, response);
        return null;
    }

    /**
     * Serialises the map as JSON and writes it directly to the response.
     * Note that the HTTP status code is left untouched (200); only the body
     * signals the error.
     */
    private void writeJson(Map<String, Object> map, HttpServletResponse response) {
        PrintWriter out = null;
        try {
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json; charset=utf-8");
            out = response.getWriter();
            out.write(JSONParseUtils.readJsonString(map));
        } catch (IOException e) {
            // Response already committed or client gone; nothing useful left to do
        } finally {
            if (out != null) {
                out.close();
            }
        }
    }
}
```
Notes:
When login verification fails, the error body is returned by the authenticationException method; when a permission check fails, it is returned by authorizationException.
Any other controller only needs to extend BaseController, as in the UserController below:
```java
package com.bug.controller;

import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import com.bug.common.ResponseVO; // assumed package: the post shows only the class name

@Controller
@RequestMapping("/user")
public class UserController extends BaseController {

    // Logger used by the original snippet but not declared there; SLF4J is assumed
    private static final Logger logger = LoggerFactory.getLogger(UserController.class);

    @ResponseBody
    @RequiresPermissions({ "USER:ADD" }) // Shiro evaluates this before the method body runs
    @RequestMapping(value = "/addUser", method = RequestMethod.GET)
    public ResponseVO<String> addUser() {
        ResponseVO<String> response = new ResponseVO<String>();
        try {
            response.setMessage("add user success");
        } catch (Exception e) {
            logger.error("add user error:", e);
            response.setStatus(ResponseVO.failCode);
        }
        return response;
    }
}
```
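As an added example that is not part of the original post, the same two handlers can live in a single `@ControllerAdvice` class instead of a base class. This removes the risk that a controller forgets to extend BaseController and silently falls back to the raw error page, and it returns proper HTTP status codes (401 for not logged in, 403 for no permission) rather than a 200 with a negative status in the body, so reverse proxies, API clients and log-based detection can distinguish the failures without parsing JSON. It also logs the attempt without echoing Shiro's own exception message to the client. The class name `ShiroExceptionAdvice` is hypothetical; the code assumes Spring MVC 4.1 or later (for `ResponseEntity.status`) and SLF4J on the classpath.

```java
package com.bug.controller; // hypothetical placement

import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.UnauthorizedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;

/**
 * Global replacement for the per-controller handlers in BaseController.
 * Applies to every @Controller in the context, so no class can opt out by
 * forgetting to extend a base class.
 */
@ControllerAdvice
public class ShiroExceptionAdvice {

    private static final Logger log = LoggerFactory.getLogger(ShiroExceptionAdvice.class);

    // Not logged in -> 401 with the same "-1000" body code the post uses.
    // UnauthenticatedException must be listed explicitly: in Shiro it extends
    // AuthorizationException, and Spring routes an exception to the handler whose
    // declared type is closest to it, so without this entry an anonymous caller
    // would fall through to the 403 handler below.
    @ExceptionHandler({ UnauthenticatedException.class, AuthenticationException.class })
    public ResponseEntity<Map<String, Object>> notLoggedIn(HttpServletRequest request, Exception ex) {
        log.info("unauthenticated request to {} from {}", request.getRequestURI(), request.getRemoteAddr());
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(body("-1000", "not logged in"));
    }

    // Logged in but missing the required permission -> 403 with the "-1001" body code.
    @ExceptionHandler({ UnauthorizedException.class, AuthorizationException.class })
    public ResponseEntity<Map<String, Object>> forbidden(HttpServletRequest request, Exception ex) {
        // Keep ex.getMessage() in the server log only: Shiro's message names the
        // permission string that was checked, which the client has no need to see.
        log.warn("unauthorized request to {} from {}: {}",
                request.getRequestURI(), request.getRemoteAddr(), ex.getMessage());
        return ResponseEntity.status(HttpStatus.FORBIDDEN).body(body("-1001", "no permission"));
    }

    // Same body shape as the post's BaseController: {"status": ..., "message": ...}.
    // A Map is returned so the configured HttpMessageConverter (e.g. Jackson)
    // serialises it; no hand-written JSON or direct writes to the response.
    private static Map<String, Object> body(String status, String message) {
        Map<String, Object> map = new LinkedHashMap<>();
        map.put("status", status);
        map.put("message", message);
        return map;
    }
}
```

Two caveats apply to both this class and BaseController. First, they only see exceptions raised inside Spring MVC, which is where the `@RequiresPermissions` check runs (Shiro's AOP advisor wraps the controller method). A failure in Shiro's own servlet filter chain (a `perms[...]` or `authc` rule in the shiroFilter definition) happens before the DispatcherServlet is reached and is redirected by the filter, not routed to these handlers. Second, if BaseController is kept alongside a `@ControllerAdvice`, the controller-local handler wins for that controller, so pick one mechanism to avoid inconsistent status codes.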
4. Verification
Without logging in, access http://localhost:8080/bug.web/user/addUser; the response carries the "not logged in" message (status -1000).
Log in as a user who has not been granted the USER:ADD permission and access http://localhost:8080/bug.web/user/addUser; the response carries the "no permission" message (status -1001).
That concludes exception handling for annotation-based authorization checks!