You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "chenzhi.xu (Jira)" <ji...@apache.org> on 2021/08/03 12:23:00 UTC
[jira] [Updated] (SHIRO-829) LifecycleBeanPostProcessor和ShiroFilterFactoryBean在同一个Configuration中导致aop失效
[ https://issues.apache.org/jira/browse/SHIRO-829?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
chenzhi.xu updated SHIRO-829:
-----------------------------
Description:
When _LifecycleBeanPostProcessor_ and _ShiroFilterFactoryBean_ are defined in the same configuration class, Realm's dependency aop (@Transactional and cache) is invalidated.Look that:
{code:java}
@Configuration
public class ShiroConfig {
@Bean("lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean("securityManager")
public SecurityManager securityManager(OAuth2Realm oAuth2Realm) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(oAuth2Realm);
securityManager.setRememberMeManager(null);
return securityManager;
} @Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
return shiroFilter;
} @Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager);
return advisor;
}
}
{code}
{code:java}
@Slf4j
@Component
public class OAuth2Realm extends AuthorizingRealm {
@Autowired
private ISysSsoService sysSsoService;
......
}
{code}
When the ISysSsoService method is annotated by @Transactional, @Transactional will become invalid.
I can fix it like this
{code:java}
@Configuration
public class ShiroConfig {
public static class LifecycleBeanPostProcessorConfiguration {
@Bean("lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
}
......
}{code}
But I think this is a bug
see spring-beans-4.3.24.RELEASE.jar _org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory#getTypeForFactoryBean_
!image-2021-08-03-18-24-02-370.png!
At 1 in the figure, we want to parse the return type of the FactoryBean, and enter the logic of Figure 2 when it cannot be parsed according to the signature. Because LifecycleBeanPostProcessor is initialized earlier than the ordinary bean, the Configuration class already exists as a FactoryBean, so that the dependent instantiation will continue.
I have found a solution to change the signature of _ShiroFilterFactoryBean_ to
*public class ShiroFilterFactoryBean implements FactoryBean<{color:#de350b}AbstractShiroFilter{color}>, BeanPostProcessor*
was:
LifecycleBeanPostProcessor和ShiroFilterFactoryBean在同一个Configuration类中定义时导致Realm依赖的单例aop失效(事务和cache)。
原因是org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory#getTypeForFactoryBean
!image-2021-08-03-18-24-02-370.png!
图中1处希望解析FactoryBean的返回类型,当无法根据签名解析时进入2逻辑,因为LifecycleBeanPostProcessor提前初始化导致Configuration类被作为FactoryBean已经存在,导致继续执行实例化。导致依赖提前于其他BeanPostProcessor实例化。
解决办法也很简单,将ShiroFilterFactoryBean的签名改为
*public class ShiroFilterFactoryBean implements FactoryBean<AbstractShiroFilter>, BeanPostProcessor*
> LifecycleBeanPostProcessor和ShiroFilterFactoryBean在同一个Configuration中导致aop失效
> --------------------------------------------------------------------------
>
> Key: SHIRO-829
> URL: https://issues.apache.org/jira/browse/SHIRO-829
> Project: Shiro
> Issue Type: Bug
> Components: Integration: Spring
> Affects Versions: 1.7.1
> Environment: springboot:1.5.21.RELEASE
> spring:4.3.24.RELEASE
> Reporter: chenzhi.xu
> Assignee: Les Hazlewood
> Priority: Major
> Attachments: image-2021-08-03-18-24-02-370.png
>
>
> When _LifecycleBeanPostProcessor_ and _ShiroFilterFactoryBean_ are defined in the same configuration class, Realm's dependency aop (@Transactional and cache) is invalidated.Look that:
>
> {code:java}
> @Configuration
> public class ShiroConfig {
> @Bean("lifecycleBeanPostProcessor")
> public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
> return new LifecycleBeanPostProcessor();
> }
> @Bean("securityManager")
> public SecurityManager securityManager(OAuth2Realm oAuth2Realm) {
> DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
> securityManager.setRealm(oAuth2Realm);
> securityManager.setRememberMeManager(null);
> return securityManager;
> } @Bean("shiroFilter")
> public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
> return shiroFilter;
> } @Bean
> public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
> AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
> advisor.setSecurityManager(securityManager);
> return advisor;
> }
> }
> {code}
> {code:java}
> @Slf4j
> @Component
> public class OAuth2Realm extends AuthorizingRealm {
> @Autowired
> private ISysSsoService sysSsoService;
> ......
> }
> {code}
> When the ISysSsoService method is annotated by @Transactional, @Transactional will become invalid.
> I can fix it like this
>
> {code:java}
> @Configuration
> public class ShiroConfig {
> public static class LifecycleBeanPostProcessorConfiguration {
> @Bean("lifecycleBeanPostProcessor")
> public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
> return new LifecycleBeanPostProcessor();
> }
> }
> ......
> }{code}
> But I think this is a bug
>
>
>
> see spring-beans-4.3.24.RELEASE.jar _org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory#getTypeForFactoryBean_
> !image-2021-08-03-18-24-02-370.png!
> At 1 in the figure, we want to parse the return type of the FactoryBean, and enter the logic of Figure 2 when it cannot be parsed according to the signature. Because LifecycleBeanPostProcessor is initialized earlier than the ordinary bean, the Configuration class already exists as a FactoryBean, so that the dependent instantiation will continue.
> I have found a solution to change the signature of _ShiroFilterFactoryBean_ to
> *public class ShiroFilterFactoryBean implements FactoryBean<{color:#de350b}AbstractShiroFilter{color}>, BeanPostProcessor*
--
This message was sent by Atlassian Jira
(v8.3.4#803005)