You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@shiro.apache.org by "Francois Papon (Jira)" <ji...@apache.org> on 2022/02/08 18:15:00 UTC
[jira] [Updated] (SHIRO-829) beanPostProcessor and FactoryBean cause aop to fail in the same Configuration
[ https://issues.apache.org/jira/browse/SHIRO-829?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francois Papon updated SHIRO-829:
---------------------------------
Fix Version/s: (was: 2.0.0)
> beanPostProcessor and FactoryBean cause aop to fail in the same Configuration
> -----------------------------------------------------------------------------
>
> Key: SHIRO-829
> URL: https://issues.apache.org/jira/browse/SHIRO-829
> Project: Shiro
> Issue Type: Bug
> Components: Integration: Spring
> Affects Versions: 1.7.1
> Environment: springboot:1.5.21.RELEASE
> spring:4.3.24.RELEASE
> Reporter: chenzhi.xu
> Assignee: Francois Papon
> Priority: Major
> Fix For: 1.9.0
>
> Attachments: build.log, image-2021-08-03-18-24-02-370.png, image-2021-08-05-15-55-50-006.png, screenshot-1.png, screenshot-2.png, screenshot-3.png
>
> Time Spent: 4h 20m
> Remaining Estimate: 0h
>
> When _LifecycleBeanPostProcessor_ and _ShiroFilterFactoryBean_ are defined in the same configuration class, Realm's dependency aop (@Transactional and cache) is invalidated. Please look below:
> {code:java}
> @Configuration
> public class ShiroConfig {
> @Bean("lifecycleBeanPostProcessor")
> public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
> return new LifecycleBeanPostProcessor();
> }
> @Bean("securityManager")
> public SecurityManager securityManager(OAuth2Realm oAuth2Realm) {
> DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
> securityManager.setRealm(oAuth2Realm);
> securityManager.setRememberMeManager(null);
> return securityManager;
> }
> @Bean("shiroFilter")
> public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
> return shiroFilter;
> }
> @Bean
> public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
> AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
> advisor.setSecurityManager(securityManager);
> return advisor;
> }
> }
> {code}
> {code:java}
> @Slf4j
> @Component
> public class OAuth2Realm extends AuthorizingRealm {
> @Autowired
> private ISysSsoService sysSsoService;
> ......
> }
> {code}
> When the _ISysSsoService_ method is annotated by @Transactional, @Transactional will become invalid.
> I can fix it like this
> {code:java}
> @Configuration
> public class ShiroConfig {
> public static class LifecycleBeanPostProcessorConfiguration {
> @Bean("lifecycleBeanPostProcessor")
> public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
> return new LifecycleBeanPostProcessor();
> }
> }
> ......
> }{code}
> But I think this is a bug
> see spring-beans-4.3.24.RELEASE.jar _org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory#getTypeForFactoryBean_
> !image-2021-08-03-18-24-02-370.png!
> At 1 in the figure, we want to parse the return type of the FactoryBean, and enter the logic of Figure 2 when it cannot be parsed according to the signature. Because LifecycleBeanPostProcessor is initialized earlier than the ordinary bean, the Configuration class already exists as a FactoryBean, so that the dependent instantiation will continue.
> I have found a solution to change the signature of _ShiroFilterFactoryBean_ to
> *public class ShiroFilterFactoryBean implements FactoryBean<{color:#de350b}AbstractShiroFilter{color}>, BeanPostProcessor*
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@shiro.apache.org
For additional commands, e-mail: issues-help@shiro.apache.org