When AuthorizationInfo authorization is performed in Shiro in SpringBoot, it will be executed repeatedly. What is the reason?

as mentioned, the authorization code is as follows

@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    log.info("");
    String token = (String) principals.getPrimaryPrincipal();
    String openID = JwtUtil.getopenID(token);
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    //getRoleAndPermission()
    RolePermission rolePermission = userService.getRoleAndPermission(openID);
    //
    log.info("" + openID + "" + "__" + rolePermission.getRole());
    info.addRole(rolePermission.getRole());
    //
    try {
        JSONArray permissionArray = new JSONArray(rolePermission.getPermission());
        for (int i = 0; i < permissionArray.length(); iPP) {
            log.info(":"+permissionArray.getString(i)+"");
            info.addStringPermission(permissionArray.getString(i));
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    return info;
}

console output is as follows

clipboard.png

I really don"t understand why this happens. Debug value, I don"t see any problem (I don"t know how to use 2333). I don"t know if any boss I"ve ever met knows what"s going on, or maybe it"s what"s going on. Thank you

.
Jul.07,2022

recently used shiro, and I'm not familiar with it either. I guess it is because the url intercepted by your shiro has been requested many times, so it will be repeated


mine. Don't know why


I have been looking for it online for a long time. Under abnormal circumstances, this is the problem. After commenting the following code, it will only be output twice. As for why it will still be output twice, please continue to read

.
    /**
     * doGetAuthorizationInfo
     */
//    @Bean
//    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
//        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
//        // cglib
//        // https://zhuanlan.zhihu.com/p/29161098
//        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
//        return defaultAdvisorAutoProxyCreator;
//    }

after commenting the above paragraph, the reason why it will be output twice is that (there is something wrong with my writing). I later changed it to this

.
 /** 
     *  
     *  checkRolecheckPermission
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String token = (String) principals.getPrimaryPrincipal();
        String openID = JwtUtil.getopenID(token);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        RolePermission rolePermission = userService.getRoleAndPermission(openID);
        //
        log.info("" + openID + "" + "__" + rolePermission.getRole());
        info.addRole(rolePermission.getRole());
        //
        try {
            JSONArray permissionArray = new JSONArray(rolePermission.getPermission());
            for (int i = 0; i < permissionArray.length(); iPP) {
                log.info(":"+permissionArray.getString(i)+"");
                info.addStringPermission(permissionArray.getString(i));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return info;
    }

but it still seems to be triggered twice, so this time it's not a code problem. Take a look at the notes

first.
@RequiresRoles(value = {"root","admin"},logical = Logical.OR)

for example, I am allowed to have roles with the identity of root or admin to operate, so the program will be executed twice, root and admin will be executed respectively, and the second will not be executed because the first matches, so the information will be output twice. If there are three role judgments, it will be output three times. As above is my conclusion


after the DefaultAdvisorAutoProxyCreator is commented out, the shiro comments will not be used. It will report a 404 error

Menu