[jira] [Commented] (SHIRO-829) LifecycleBeanPostProcessor和ShiroFilterFactoryBean在同一个Configuration中导致aop失效

Tue, 03 Aug 2021 05:47:07 -0700 


    [ 
https://issues.apache.org/jira/browse/SHIRO-829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17392274#comment-17392274
 ] 

Francois Papon commented on SHIRO-829:
--------------------------------------

Thanks, we will take a look.

> LifecycleBeanPostProcessor和ShiroFilterFactoryBean在同一个Configuration中导致aop失效
> --------------------------------------------------------------------------
>
>                 Key: SHIRO-829
>                 URL: https://issues.apache.org/jira/browse/SHIRO-829
>             Project: Shiro
>          Issue Type: Bug
>          Components: Integration: Spring
>    Affects Versions: 1.7.1
>         Environment: springboot:1.5.21.RELEASE
> spring:4.3.24.RELEASE
>            Reporter: chenzhi.xu
>            Assignee: Les Hazlewood
>            Priority: Major
>         Attachments: image-2021-08-03-18-24-02-370.png
>
>
> When _LifecycleBeanPostProcessor_ and _ShiroFilterFactoryBean_ are defined in 
> the same configuration class, Realm's dependency aop (@Transactional and 
> cache) is invalidated. Please look below:
> {code:java}
> @Configuration
> public class ShiroConfig {
>     @Bean("lifecycleBeanPostProcessor")
>     public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
>         return new LifecycleBeanPostProcessor();
>     }
>     @Bean("securityManager")
>     public SecurityManager securityManager(OAuth2Realm oAuth2Realm) {
>         DefaultWebSecurityManager securityManager = new 
> DefaultWebSecurityManager();
>         securityManager.setRealm(oAuth2Realm);
>         securityManager.setRememberMeManager(null);
>         return securityManager;
>     }
>     @Bean("shiroFilter")
>     public ShiroFilterFactoryBean shiroFilter(SecurityManager 
> securityManager) {
>         return shiroFilter;
>     }
>     @Bean
>     public AuthorizationAttributeSourceAdvisor 
> authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
>         AuthorizationAttributeSourceAdvisor advisor = new 
> AuthorizationAttributeSourceAdvisor();
>         advisor.setSecurityManager(securityManager);
>         return advisor;
>     }
> }
> {code}
> {code:java}
> @Slf4j
> @Component
> public class OAuth2Realm extends AuthorizingRealm {
>     @Autowired
>     private ISysSsoService sysSsoService;
>     ......
> }
> {code}
> When the _ISysSsoService_ method is annotated by @Transactional, 
> @Transactional will become invalid.
> I can fix it like this
> {code:java}
> @Configuration
> public class ShiroConfig {
>     public static class LifecycleBeanPostProcessorConfiguration {
>         @Bean("lifecycleBeanPostProcessor")
>         public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
>             return new LifecycleBeanPostProcessor();
>         }
>     }
>     ......
> }{code}
> But I think this is a bug
> see spring-beans-4.3.24.RELEASE.jar 
> _org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory#getTypeForFactoryBean_
> !image-2021-08-03-18-24-02-370.png!
> At 1 in the figure, we want to parse the return type of the FactoryBean, and 
> enter the logic of Figure 2 when it cannot be parsed according to the 
> signature. Because LifecycleBeanPostProcessor is initialized earlier than the 
> ordinary bean, the Configuration class already exists as a FactoryBean, so 
> that the dependent instantiation will continue.
> I have found a solution to change the signature of _ShiroFilterFactoryBean_ to
> *public class ShiroFilterFactoryBean implements 
> FactoryBean<{color:#de350b}AbstractShiroFilter{color}>, BeanPostProcessor* 
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to