shiro中unauthorizedUrl不起作用

解决方法：

在shiro配置文件中添加（异常全路径做key，错误页面做value）

<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
        <property name="exceptionMappings">
            <props>
                <prop key="org.apache.shiro.authz.UnauthorizedException">/403</prop>
            </props>
        </property>
    </bean>

原因：这是因为shiro源代码中判断了filter是否为AuthorizationFilter，只有perms，roles，ssl，rest，port才是属于AuthorizationFilter，而anon，authcBasic，auchc，user是AuthenticationFilter，所以unauthorizedUrl设置后不起作用。

shiro源代码

    private void applyUnauthorizedUrlIfNecessary(Filter filter) {
        String unauthorizedUrl = getUnauthorizedUrl();
        if (StringUtils.hasText(unauthorizedUrl) && (filter instanceof AuthorizationFilter)) {
            AuthorizationFilter authzFilter = (AuthorizationFilter) filter;
            //only apply the unauthorizedUrl if they haven't explicitly configured one already:
            String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl();
            if (existingUnauthorizedUrl == null) {
                authzFilter.setUnauthorizedUrl(unauthorizedUrl);
            }
        }
    }

shiro默认过滤器(10个)

• anon -- org.apache.shiro.web.filter.authc.AnonymousFilter
• authc -- org.apache.shiro.web.filter.authc.FormAuthenticationFilter
• authcBasic -- org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
• perms -- org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
• port -- org.apache.shiro.web.filter.authz.PortFilter
• rest -- org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
• roles -- org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
• ssl -- org.apache.shiro.web.filter.authz.SslFilter
• user -- org.apache.shiro.web.filter.authc.UserFilter
• logout -- org.apache.shiro.web.filter.authc.LogoutFilter