Spring data JPA repository not found when Apache Shiro annotations enabled in spring

2
votes

Here is the problem.

I have spring 3.0.5, using its new DATA JPA repository module (interfaces extending CrudRepository<T, ID extends Serializable>).

I have Apache Shiro 1.1.0 as a security solution for my app. Apache shiro is configured in the spring bean defintion xml file as follows:

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

<!-- Enable Shiro Annotations for Spring-configured beans.  Only run after -->
<!-- the lifecycleBeanProcessor has run: -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean> 

<!-- Define the realm you want to use to connect to your back-end security datasource: -->
<bean id="securityDAORealm" class="com.bilto.archiweb.security.SecurityDAORealm" />

<bean id="securityManager" class="org.apache.shiro.mgt.DefaultSecurityManager">
    <!-- Single realm app.  If you have multiple realms, use the 'realms' property instead. -->
    <property name="realm" ref="securityDAORealm"/>
</bean>

<!-- For simplest integration, so that all SecurityUtils.* methods work in all cases, -->
<!-- make the securityManager bean a static singleton.  DO NOT do this in web         -->
<!-- applications - see the 'Web Applications' section below instead.                 -->
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
    <property name="arguments" ref="securityManager"/>
</bean>

Please note that my app is a standalone application and this Apachoe Shiro configuration reflects it.

Configuration for spring jpa repositories as well as standard spring configurations (annotations scanning) is configured in others files, they do not seem to be relevant for this problem, so i will skip printing them.

My SecurityDAORealm class is autowiring CredentialsRepository as its jpa repository controller interface (CredentialsRepository extends CrudRepository<T, ID extends Serializable>) that serves for accessing the database where credentials are stored.

@Component
public class SecurityDAORealm extends AuthorizingRealm {

@Autowired
CredentialRepository credentialRepository;
...
}

Now for the problem.

When Apache Shiro annotation scanning is configured, the autowired bean of type CredentialsRepository is not found and thus not wired. When annotation scanning is turned off CredentialsRepository variable is autowired and all works properly.

The part that anables Apache Shiro annotation processing is this

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

<!-- Enable Shiro Annotations for Spring-configured beans.  Only run after -->
<!-- the lifecycleBeanProcessor has run: -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>

By commenting out its central peace

<!-- <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/> -->

Annotations are turned off, uncommenting it will switch them on again.

As a test I tried to auto-wire a simple pojo instead of my CredentialsRepository, this works well in both cases (annotations on/off).

I do not see much into spring internals. What might be happening here is that the CredentialsRepository variable is not getting auto-wired as Spring does not get a chance to create its appropriate implementation (SimpleJpaRepository) on its backend.

The workaround exist here simply by auto-wiring some "full class" JPA controller instead of a spring managed interface implementation.

However I am curious whether this is a bug that need to be fixed or whether some additional spring magic exist here that could make it work also with spring data interfaces.

2
springrepositoryshiro

2 Answers

5
votes

I came accross the same issue.

My workaround is to make the securityManager depend on the Repository which needs to be injected. Thus, in your case:

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"
  depends-on="userRepository">
    <property name="realm" ref="credentialRepository" />
</bean>
3
votes

I had a similar situation with this, I'm not using shiro to do security, but I'm using spring security.

When I autowired, it wasn't injecting correctly due to spring security beans being initialized before the component scan for the spring-data @Repository. Since spring security needs to be initialized with the startup of the container in order to set up servlet filters and such, I had to wire my repositories before spring security in order for proper injection to take place.

Know this isn't exactly your situtation, but maybe it will help!

Also, the most confusing part, and what led me to my solution to the problem, I set up a unit test that @Autowired the UserDetailsService which has the repository injected into it, and the unit test worked fine. Led me to believe it was an ordering problem with the way the beans were being setup.