SilenceLurker commented on issue #1236:
URL: https://github.com/apache/shiro/issues/1236#issuecomment-2126697751
I am not sure if this is the issue, but I noticed that
ShiroFilterFactoryBean implements both FactoryBean and BeanPostProcessor
interfaces. This could be the cause. However, I have not tried separating them
into two classes, each implementing one of the interfaces. In terms of the
Spring lifecycle, the order seems to be FactoryBean -> Bean ->
BeanPostProcessor. Implementing both might cause issues. The FactoryBean
documentation suggests that the implementation class should not be used as a
normal bean ("NB: A bean that implements this interface cannot be used as a
normal bean. A FactoryBean is defined in a bean style, but the object exposed
for bean references (getObject()) is always the object that it creates."). This
suggests that users should not manually create beans for its implementing class.
While debugging in the Spring-Boot 2 environment, I noticed similar issues
in the call stack, but Spring-Boot 2 seems less strict in its checks compared
to Spring-Boot 3, hence no warnings. However, customizing a
ShiroFilterFactoryBean or AuthorizationAttributeSourceAdvisor may still trigger
these warnings in Spring-Boot 2 (with the former being more severe).(Translated
by GPT4o)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
