[SHIRO-829] beanPostProcessor and FactoryBean cause aop to fail in the same Configuration - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Resolved
Affects Version/s: 1.7.1
Fix Version/s: 1.9.0
Component/s: Integration: Spring
Labels:
None
Environment:
springboot:1.5.21.RELEASE
spring:4.3.24.RELEASE

Language:
- Java

Description

When LifecycleBeanPostProcessor and ShiroFilterFactoryBean are defined in the same configuration class, Realm's dependency aop (@Transactional and cache) is invalidated. Please look below:

@Configuration
public class ShiroConfig {
    @Bean("lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }
    @Bean("securityManager")
    public SecurityManager securityManager(OAuth2Realm oAuth2Realm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(oAuth2Realm);
        securityManager.setRememberMeManager(null);
        return securityManager;
    }
    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        return shiroFilter;
    }
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}

@Slf4j
@Component
public class OAuth2Realm extends AuthorizingRealm {
    @Autowired
    private ISysSsoService sysSsoService;

    ......
}

When the ISysSsoService method is annotated by @Transactional, @Transactional will become invalid.

I can fix it like this

@Configuration
public class ShiroConfig {
    public static class LifecycleBeanPostProcessorConfiguration {
        @Bean("lifecycleBeanPostProcessor")
        public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
            return new LifecycleBeanPostProcessor();
        }
    }
    ......
}

But I think this is a bug

see spring-beans-4.3.24.RELEASE.jar org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory#getTypeForFactoryBean

At 1 in the figure, we want to parse the return type of the FactoryBean, and enter the logic of Figure 2 when it cannot be parsed according to the signature. Because LifecycleBeanPostProcessor is initialized earlier than the ordinary bean, the Configuration class already exists as a FactoryBean, so that the dependent instantiation will continue.

I have found a solution to change the signature of ShiroFilterFactoryBean to

public class ShiroFilterFactoryBean implements FactoryBean<AbstractShiroFilter>, BeanPostProcessor

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

screenshot-3.png
04/Aug/21 10:35
150 kB
chenzhi.xu
screenshot-2.png
04/Aug/21 10:34
80 kB
chenzhi.xu
screenshot-1.png
04/Aug/21 10:34
64 kB
chenzhi.xu
image-2021-08-05-15-55-50-006.png
05/Aug/21 07:55
0.3 kB
chenzhi.xu
image-2021-08-03-18-24-02-370.png
03/Aug/21 10:24
127 kB
chenzhi.xu
build.log
05/Aug/21 07:42
17 kB
chenzhi.xu

Issue Links

is related to

SHIRO-859 Remove shiro-web dependency from the Spring integrations

Open

links to

GitHub Pull Request #316

Activity

People

Assignee:: Francois Papon

Reporter:: chenzhi.xu

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 03/Aug/21 10:32

Updated:: 08/Feb/22 18:15

Resolved:: 08/Feb/22 18:15

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

4h 20m