[jira] [Updated] (SHIRO-829) LifecycleBeanPostProcessor和ShiroFilterFactoryBean在同一个Configuration中导致aop失效

Tue, 03 Aug 2021 05:24:06 -0700 


     [ 
https://issues.apache.org/jira/browse/SHIRO-829?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

chenzhi.xu updated SHIRO-829:
-----------------------------
    Description: 
When _LifecycleBeanPostProcessor_ and _ShiroFilterFactoryBean_ are defined in 
the same configuration class, Realm's dependency aop (@Transactional and cache) 
is invalidated.Look that:
{code:java}
@Configuration
public class ShiroConfig {
    @Bean("lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }
    @Bean("securityManager")
    public SecurityManager securityManager(OAuth2Realm oAuth2Realm) {
        DefaultWebSecurityManager securityManager = new 
DefaultWebSecurityManager();
        securityManager.setRealm(oAuth2Realm);
        securityManager.setRememberMeManager(null);
        return securityManager;
    }    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        return shiroFilter;
    }    @Bean
    public AuthorizationAttributeSourceAdvisor 
authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new 
AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}
{code}
{code:java}
@Slf4j
@Component
public class OAuth2Realm extends AuthorizingRealm {
    @Autowired
    private ISysSsoService sysSsoService;

    ......
}

{code}
When the ISysSsoService method is annotated by @Transactional, @Transactional 
will become invalid.

I can fix it like this

 
{code:java}
@Configuration
public class ShiroConfig {
    public static class LifecycleBeanPostProcessorConfiguration {
        @Bean("lifecycleBeanPostProcessor")
        public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
            return new LifecycleBeanPostProcessor();
        }
    }
    ......
}{code}
But I think this is a bug

see spring-beans-4.3.24.RELEASE.jar 
_org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory#getTypeForFactoryBean_

!image-2021-08-03-18-24-02-370.png!

At 1 in the figure, we want to parse the return type of the FactoryBean, and 
enter the logic of Figure 2 when it cannot be parsed according to the 
signature. Because LifecycleBeanPostProcessor is initialized earlier than the 
ordinary bean, the Configuration class already exists as a FactoryBean, so that 
the dependent instantiation will continue.

I have found a solution to change the signature of _ShiroFilterFactoryBean_ to

*public class ShiroFilterFactoryBean implements 
FactoryBean<{color:#de350b}AbstractShiroFilter{color}>, BeanPostProcessor* 

 

  was:
When _LifecycleBeanPostProcessor_ and _ShiroFilterFactoryBean_ are defined in 
the same configuration class, Realm's dependency aop (@Transactional and cache) 
is invalidated.Look that:

 
{code:java}
@Configuration
public class ShiroConfig {
    @Bean("lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }
    @Bean("securityManager")
    public SecurityManager securityManager(OAuth2Realm oAuth2Realm) {
        DefaultWebSecurityManager securityManager = new 
DefaultWebSecurityManager();
        securityManager.setRealm(oAuth2Realm);
        securityManager.setRememberMeManager(null);
        return securityManager;
    }    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        return shiroFilter;
    }    @Bean
    public AuthorizationAttributeSourceAdvisor 
authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new 
AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}
{code}
{code:java}
@Slf4j
@Component
public class OAuth2Realm extends AuthorizingRealm {
    @Autowired
    private ISysSsoService sysSsoService;

    ......
}

{code}
When the ISysSsoService method is annotated by @Transactional, @Transactional 
will become invalid.

I can fix it like this

 
{code:java}
@Configuration
public class ShiroConfig {
    public static class LifecycleBeanPostProcessorConfiguration {
        @Bean("lifecycleBeanPostProcessor")
        public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
            return new LifecycleBeanPostProcessor();
        }
    }
    ......
}{code}
But I think this is a bug

see spring-beans-4.3.24.RELEASE.jar 
_org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory#getTypeForFactoryBean_

!image-2021-08-03-18-24-02-370.png!

At 1 in the figure, we want to parse the return type of the FactoryBean, and 
enter the logic of Figure 2 when it cannot be parsed according to the 
signature. Because LifecycleBeanPostProcessor is initialized earlier than the 
ordinary bean, the Configuration class already exists as a FactoryBean, so that 
the dependent instantiation will continue.

I have found a solution to change the signature of _ShiroFilterFactoryBean_ to

*public class ShiroFilterFactoryBean implements 
FactoryBean<{color:#de350b}AbstractShiroFilter{color}>, BeanPostProcessor* 

 


> LifecycleBeanPostProcessor和ShiroFilterFactoryBean在同一个Configuration中导致aop失效
> --------------------------------------------------------------------------
>
>                 Key: SHIRO-829
>                 URL: https://issues.apache.org/jira/browse/SHIRO-829
>             Project: Shiro
>          Issue Type: Bug
>          Components: Integration: Spring
>    Affects Versions: 1.7.1
>         Environment: springboot:1.5.21.RELEASE
> spring:4.3.24.RELEASE
>            Reporter: chenzhi.xu
>            Assignee: Les Hazlewood
>            Priority: Major
>         Attachments: image-2021-08-03-18-24-02-370.png
>
>
> When _LifecycleBeanPostProcessor_ and _ShiroFilterFactoryBean_ are defined in 
> the same configuration class, Realm's dependency aop (@Transactional and 
> cache) is invalidated.Look that:
> {code:java}
> @Configuration
> public class ShiroConfig {
>     @Bean("lifecycleBeanPostProcessor")
>     public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
>         return new LifecycleBeanPostProcessor();
>     }
>     @Bean("securityManager")
>     public SecurityManager securityManager(OAuth2Realm oAuth2Realm) {
>         DefaultWebSecurityManager securityManager = new 
> DefaultWebSecurityManager();
>         securityManager.setRealm(oAuth2Realm);
>         securityManager.setRememberMeManager(null);
>         return securityManager;
>     }    @Bean("shiroFilter")
>     public ShiroFilterFactoryBean shiroFilter(SecurityManager 
> securityManager) {
>         return shiroFilter;
>     }    @Bean
>     public AuthorizationAttributeSourceAdvisor 
> authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
>         AuthorizationAttributeSourceAdvisor advisor = new 
> AuthorizationAttributeSourceAdvisor();
>         advisor.setSecurityManager(securityManager);
>         return advisor;
>     }
> }
> {code}
> {code:java}
> @Slf4j
> @Component
> public class OAuth2Realm extends AuthorizingRealm {
>     @Autowired
>     private ISysSsoService sysSsoService;
>     ......
> }
> {code}
> When the ISysSsoService method is annotated by @Transactional, @Transactional 
> will become invalid.
> I can fix it like this
>  
> {code:java}
> @Configuration
> public class ShiroConfig {
>     public static class LifecycleBeanPostProcessorConfiguration {
>         @Bean("lifecycleBeanPostProcessor")
>         public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
>             return new LifecycleBeanPostProcessor();
>         }
>     }
>     ......
> }{code}
> But I think this is a bug
> see spring-beans-4.3.24.RELEASE.jar 
> _org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory#getTypeForFactoryBean_
> !image-2021-08-03-18-24-02-370.png!
> At 1 in the figure, we want to parse the return type of the FactoryBean, and 
> enter the logic of Figure 2 when it cannot be parsed according to the 
> signature. Because LifecycleBeanPostProcessor is initialized earlier than the 
> ordinary bean, the Configuration class already exists as a FactoryBean, so 
> that the dependent instantiation will continue.
> I have found a solution to change the signature of _ShiroFilterFactoryBean_ to
> *public class ShiroFilterFactoryBean implements 
> FactoryBean<{color:#de350b}AbstractShiroFilter{color}>, BeanPostProcessor* 
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to