[
https://issues.apache.org/jira/browse/SHIRO-627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17002036#comment-17002036
]
Isak W commented on SHIRO-627:
------------------------------
The problem comes from having one or more Realms registered that also qualifies
as Authorizer's (usually due to extending AuthorizingRealm). This causes the
default Authorizer (ShiroWebAutoConfiguration#authorizer) not to be invoced due
to there already being an Authorizer registered (@ConditionalOnMissingBean will
only match the type if nothing else is specified). When the default
SecurityManager bean is created (ShiroWebAutoConfiguration#securityManager) it
expects a bean of type Authorizer and name "authorizer", but the registered
Realms' name most likely doesn't match that, hence the error: "No bean named
'authorizer' available".
The issue is easy to reproduce, in
ShiroWebAutoConfigurationTestApplication#getTextConfigurationRealm, change the
return type from Realm to TextConfigurationRealm (see my PR). In my case, just
like [~cbchd] and [~apachexx], I had registered my own custom Realm
implementation as a @Component, which would register the Realm as its'
implementation and qualify it with all interfaces it implements, including
Authorizer. One workaround is to explicitly register an Authorizer bean with
name "authorizer", as mentioned before, instead of relying on the default
implementation. A better workaround IMO is to register all Realms as Realm (the
interface) rather than it's implementation. That means not making them
@Component's but instead register them as @Bean's with return type Realm.
My suggested fix would be to determine missing beans by name rather than type,
which would allow for an AuthorizingRealm to be registered as a @Component
without having it override the default Authorizer. I think it makes sense since
the default SecurityManager even requires a named bean anyway. I have made a
[pull request|https://github.com/apache/shiro/pull/191] - what are your
thoughts?
As a sidenote, I think it would be good to use less generic bean names in
future releases (although that would be a breaking change). Names such as
"sessionFactory" run a very high risk of conflicting with other configurations.
> something wrong with shiro-spring-boot-web-starter,it did not auto register
> securityManager???
> ----------------------------------------------------------------------------------------------
>
> Key: SHIRO-627
> URL: https://issues.apache.org/jira/browse/SHIRO-627
> Project: Shiro
> Issue Type: Question
> Components: Sample Apps
> Affects Versions: 1.4.0
> Environment: windows 7 64bit
> jdk 1.8
> Reporter: hujie
> Assignee: Francois Papon
> Priority: Major
> Labels: starter
> Fix For: 1.5.1
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> {code}
> 2017-06-26 19:59:22.126 INFO 6576 --- [ main]
> c.p.s.Jsr303HibernateValidateApplication : Starting
> Jsr303HibernateValidateApplication on hujie-PC with PID 6576
> (D:\jee-git-repo\study\JSR303-Hibernate-Validate\target\classes started by
> hujie in D:\jee-git-repo\study\JSR303-Hibernate-Validate)
> 2017-06-26 19:59:22.150 INFO 6576 --- [ main]
> c.p.s.Jsr303HibernateValidateApplication : No active profile set, falling
> back to default profiles: default
> 2017-06-26 19:59:22.232 INFO 6576 --- [ main]
> ationConfigEmbeddedWebApplicationContext : Refreshing
> org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@539d019:
> startup date [Mon Jun 26 19:59:22 CST 2017]; root of context hierarchy
> 2017-06-26 19:59:23.586 INFO 6576 --- [ main]
> trationDelegate$BeanPostProcessorChecker : Bean
> 'org.apache.shiro.spring.boot.autoconfigure.ShiroBeanAutoConfiguration' of
> type [class
> org.apache.shiro.spring.boot.autoconfigure.ShiroBeanAutoConfiguration$$EnhancerBySpringCGLIB$$51c46c26]
> is not eligible for getting processed by all BeanPostProcessors (for
> example: not eligible for auto-proxying)
> 2017-06-26 19:59:23.624 INFO 6576 --- [ main]
> trationDelegate$BeanPostProcessorChecker : Bean 'eventBus' of type [class
> org.apache.shiro.event.support.DefaultEventBus] is not eligible for getting
> processed by all BeanPostProcessors (for example: not eligible for
> auto-proxying)
> 2017-06-26 19:59:23.730 INFO 6576 --- [ main]
> trationDelegate$BeanPostProcessorChecker : Bean
> 'org.apache.shiro.spring.config.web.autoconfigure.ShiroWebAutoConfiguration'
> of type [class
> org.apache.shiro.spring.config.web.autoconfigure.ShiroWebAutoConfiguration$$EnhancerBySpringCGLIB$$7660cc90]
> is not eligible for getting processed by all BeanPostProcessors (for
> example: not eligible for auto-proxying)
> 2017-06-26 19:59:23.772 INFO 6576 --- [ main]
> trationDelegate$BeanPostProcessorChecker : Bean 'localRealm' of type [class
> cn.points.study.shiro.realms.LocalRealm$$EnhancerBySpringCGLIB$$b0c600bf] is
> not eligible for getting processed by all BeanPostProcessors (for example:
> not eligible for auto-proxying)
> 2017-06-26 19:59:24.032 INFO 6576 --- [ main]
> trationDelegate$BeanPostProcessorChecker : Bean 'sessionStorageEvaluator' of
> type [class org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator] is
> not eligible for getting processed by all BeanPostProcessors (for example:
> not eligible for auto-proxying)
> 2017-06-26 19:59:24.034 INFO 6576 --- [ main]
> trationDelegate$BeanPostProcessorChecker : Bean 'subjectDAO' of type [class
> org.apache.shiro.mgt.DefaultSubjectDAO] is not eligible for getting processed
> by all BeanPostProcessors (for example: not eligible for auto-proxying)
> 2017-06-26 19:59:24.038 INFO 6576 --- [ main]
> trationDelegate$BeanPostProcessorChecker : Bean 'subjectFactory' of type
> [class org.apache.shiro.web.mgt.DefaultWebSubjectFactory] is not eligible for
> getting processed by all BeanPostProcessors (for example: not eligible for
> auto-proxying)
> 2017-06-26 19:59:24.044 INFO 6576 --- [ main]
> trationDelegate$BeanPostProcessorChecker : Bean 'rememberMeCookieTemplate' of
> type [class org.apache.shiro.web.servlet.SimpleCookie] is not eligible for
> getting processed by all BeanPostProcessors (for example: not eligible for
> auto-proxying)
> 2017-06-26 19:59:24.049 INFO 6576 --- [ main]
> trationDelegate$BeanPostProcessorChecker : Bean 'rememberMeManager' of type
> [class org.apache.shiro.web.mgt.CookieRememberMeManager] is not eligible for
> getting processed by all BeanPostProcessors (for example: not eligible for
> auto-proxying)
> 2017-06-26 19:59:24.055 INFO 6576 --- [ main]
> trationDelegate$BeanPostProcessorChecker : Bean 'authenticationStrategy' of
> type [class org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy] is not
> eligible for getting processed by all BeanPostProcessors (for example: not
> eligible for auto-proxying)
> 2017-06-26 19:59:24.060 INFO 6576 --- [ main]
> trationDelegate$BeanPostProcessorChecker : Bean 'authenticator' of type
> [class org.apache.shiro.authc.pam.ModularRealmAuthenticator] is not eligible
> for getting processed by all BeanPostProcessors (for example: not eligible
> for auto-proxying)
> 2017-06-26 19:59:24.062 WARN 6576 --- [ main]
> ationConfigEmbeddedWebApplicationContext : Exception encountered during
> context initialization - cancelling refresh attempt:
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.shiro.spring.config.web.autoconfigure.ShiroWebFilterConfiguration':
> Unsatisfied dependency expressed through field 'securityManager'; nested
> exception is org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'securityManager' defined in class path resource
> [org/apache/shiro/spring/config/web/autoconfigure/ShiroWebAutoConfiguration.class]:
> Bean instantiation via factory method failed; nested exception is
> org.springframework.beans.BeanInstantiationException: Failed to instantiate
> [org.apache.shiro.mgt.SessionsSecurityManager]: Factory method
> 'securityManager' threw exception; nested exception is
> org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean
> named 'authorizer' is defined
> 2017-06-26 19:59:24.143 ERROR 6576 --- [ main]
> o.s.b.d.LoggingFailureAnalysisReporter :
> ***************************
> APPLICATION FAILED TO START
> ***************************
> Description:
> Field securityManager in
> org.apache.shiro.spring.web.config.AbstractShiroWebFilterConfiguration
> required a bean named 'authorizer' that could not be found.
> {code}
> ********************************************************************************8
> {code}
> my boot properties :
> shiro.enabled=true
> shiro.web.enabled=true
> shiro.annotations.enabled=false
> shiro.loginUrl=/login.html
> shiro.successUrl=/
> shiro.unauthorizedUrl=/unauthorizedUrl.html
> shiro.userNativeSessionManager=true
> {code}
> I read code of shiro-spring-boot-web-starter,and
> shiro-spring-boot-starter,and i register one bean ,type of realm.
> {color:red}but I debug found there is not have securityManager???{color}
> why shiro samples did not register securityManager bean,but it can runing,
> sorry about my english.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
