The exception is as follows:

2021-02-12 13:38:13.388 ERROR 6052 --- [io-8080-exec-10] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against.  A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager.  This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again.  Because an identity is currently not known due to any of these conditions, authorization is denied.] with root cause

org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.example.modules.system.controller.SysUserController.user()
    at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90)
    at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:100)
    at org.apache.shiro.authz.aop.AuthorizingMethodInterceptor.invoke(AuthorizingMethodInterceptor.java:38)
    at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor.invoke(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:115)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:689)
    at com.example.modules.system.controller.SysUserController$$EnhancerBySpringCGLIB$$2bb327c0.user(<generated>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:106)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:888)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:793)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at com.example.common.xss.XssFilter.doFilter(XssFilter.java:20)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
    at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
    at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
    at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
    at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1598)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)

This is probably caused by the login session timing out, and setUnauthorizedUrl was not configured:

@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    shiroFilter.setSecurityManager(securityManager);
    // Add the URL to redirect to when unauthorized
    shiroFilter.setUnauthorizedUrl("/login");
    // Other code omitted
    return shiroFilter;
}

For testing, set a shorter session timeout at login:

SecurityUtils.getSubject().getSession().setTimeout(5000);

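Restart the service. However, the Shiro unauthorizedUrl has no effect. Some online articles say this is caused by the check below; I am not sure of the details.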

In the end, registering a custom exception resolver solves it:

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ModelAndView;

public class GlobalExceptionHandler implements HandlerExceptionResolver {

    @Override
    public ModelAndView resolveException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) {
        if (e instanceof UnauthorizedException) { // Unauthorized: 403
            ModelAndView mv = new ModelAndView("error/403");
            return mv;
        } else if (e instanceof UnauthenticatedException) { // Unauthenticated: 401
            ModelAndView mv = new ModelAndView("/login");
            return mv;
        }
        return null;
    }
}

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;

import com.example.common.exception.GlobalExceptionHandler;

@SpringBootApplication
public class DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

    // Register the unified exception-handling bean
    @Bean
    public GlobalExceptionHandler globalExceptionHandler() {
        return new GlobalExceptionHandler();
    }
}

Of course, you also need to define 403.html, which you can customize.
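An alternative to the resolver above, as an added example that is not from the original post: the stack trace shows the denial is raised by Shiro's annotation interceptor inside Spring MVC handler invocation, so a `@ControllerAdvice` can handle it there while also sending real 401/403 status codes and logging the denial. The class name `ShiroExceptionAdvice` and the `X-Requested-With` check for script clients are assumptions; `/login` and `error/403` are the post's own values.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.UnauthorizedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.servlet.ModelAndView;

// Added example, not the post's code. ShiroExceptionAdvice is a hypothetical name.
@ControllerAdvice
public class ShiroExceptionAdvice {

    private static final Logger log = LoggerFactory.getLogger(ShiroExceptionAdvice.class);

    // No identity: never logged in, logged out, or the session timed out.
    @ExceptionHandler(UnauthenticatedException.class)
    public ModelAndView unauthenticated(HttpServletRequest request, HttpServletResponse response) {
        // Assumption: script clients mark themselves with X-Requested-With.
        if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
            // A login page is useless to a script; answer with a bare 401.
            response.setStatus(HttpStatus.UNAUTHORIZED.value());
            return null; // response is complete, nothing to render
        }
        // Redirect so the browser ends up on the login URL instead of
        // seeing the login view rendered at the protected URL with a 200.
        return new ModelAndView("redirect:/login");
    }

    // Identity is known but lacks the required role or permission.
    @ExceptionHandler(UnauthorizedException.class)
    public ModelAndView forbidden(HttpServletRequest request) {
        // Record who was denied what, so repeated denials show up in the logs.
        log.warn("Access denied: principal={} method={} uri={}",
                SecurityUtils.getSubject().getPrincipal(),
                request.getMethod(), request.getRequestURI());
        ModelAndView mv = new ModelAndView("error/403");
        mv.setStatus(HttpStatus.FORBIDDEN); // send a real 403 with the error page
        return mv;
    }
}
```

Use this class in place of the `GlobalExceptionHandler` bean rather than alongside it, so that only one component decides the response for these two exceptions.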

If you have a better solution, please leave me a comment. Thanks.

That's all for this post. Thanks for reading.
