Shiro权限控制(四):Shiro注解验证异常处理

爱被打了一巴掌 2022-02-21 13:16 891阅读 0赞

**一、目标**  
权限验证异常时，对异常进行封装，使之不直接抛给用户

**二、前言**  
在前面的一篇博文中[《Shiro权限控制(三):Shiro注解权限验证》][Shiro_Shiro]，权限验证异常时，异常信息直接抛到页面显示，如何处理验证时的异常信息呢，请看下面的介绍

**三、定义异常处理类**  
异常有两种，登录认证异常和权限认证异常，分别对应的异常类是  
登录认证异常：UnauthenticatedException，AuthenticationException  
权限认证异常：UnauthorizedException，AuthorizationException

因此创建一个BaseController,分别来处理这些异常，如下

package com.bug.controller;
    
    import java.io.IOException;
    import java.io.PrintWriter;
    import java.util.HashMap;
    import java.util.Map;
    
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authz.AuthorizationException;
    import org.apache.shiro.authz.UnauthenticatedException;
    import org.apache.shiro.authz.UnauthorizedException;
    import org.springframework.web.bind.annotation.ExceptionHandler;
    
    import com.bug.common.JSONParseUtils;
    
    public abstract class BaseController {
    	/**
    	 * 登录认证异常
    	 * 
    	 * @param request
    	 * @param response
    	 * @return
    	 */
    	@ExceptionHandler({ UnauthenticatedException.class, AuthenticationException.class })
    	public String authenticationException(HttpServletRequest request, HttpServletResponse response) {
    		Map<String, Object> map = new HashMap<>();
    		map.put("status", "-1000");
    		map.put("message", "未登录");
    		writeJson(map, response);
    		return null;
    	}
    
    	/**
    	 * 权限异常
    	 * 
    	 * @param request
    	 * @param response
    	 * @return
    	 */
    	@ExceptionHandler({ UnauthorizedException.class, AuthorizationException.class })
    	public String authorizationException(HttpServletRequest request, HttpServletResponse response) {
    		Map<String, Object> map = new HashMap<>();
    		map.put("status", "-1001");
    		map.put("message", "无权限");
    		writeJson(map, response);
    		return null;
    	}
    
    	private void writeJson(Map<String, Object> map, HttpServletResponse response) {
    		PrintWriter out = null;
    		try {
    			response.setCharacterEncoding("UTF-8");
    			response.setContentType("application/json; charset=utf-8");
    			out = response.getWriter();
    
    			out.write(JSONParseUtils.readJsonString(map));
    		} catch (IOException e) {
    		} finally {
    			if (out != null) {
    				out.close();
    			}
    		}
    	}
    }

说明：  
当登录验证失败时，会通过authenticationException方法返回错误信息，当权限认证异常时，通过authorizationException方法返回错误信息

在其他Controller中，只需要继承BaseController即可，如下的UserController

@Controller
    @RequestMapping("/user")
    public class UserController extends BaseController{
    	@ResponseBody
    	@RequiresPermissions({"USER:ADD"})
    	@RequestMapping(value="/addUser",method = RequestMethod.GET)
    	public ResponseVO<String> addUser() {
    		ResponseVO<String> response = new ResponseVO<String>();
    		try {
    			response.setMessage("add user success");
    		} catch (Exception e) {
    			logger.error("add user error:",e);
    			response.setStatus(ResponseVO.failCode);
    		}
    		return response;
    	}
    }

**四、验证**  
未登录，进入访问http://localhost:8080/bug.web/user/addUser，报未登录的提示信息，如下  
![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2tpdHk5NDIw_size_16_color_FFFFFF_t_70]  
未增加USER:ADD权限，登录后访问http://localhost:8080/bug.web/user/addUser，报无权限的信息，如下  
![在这里插入图片描述][20190410235132974.png]  
到此，基于注解的权限验证异常处理就介绍到这里！！！

[Shiro_Shiro]: https://blog.csdn.net/kity9420/article/details/89198613
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2tpdHk5NDIw_size_16_color_FFFFFF_t_70]: /images/20220221/e1efee7a2a9d4d4dbf797da381683aa8.png
[20190410235132974.png]: /images/20220221/57b4938d82054a2f8a904f5a0221014a.png