Hi Jeff, You're right, this needs to be clearer in the documentation. If you get a chance, would you please open a Jira issue for this so it isn't lost?
Thanks, -- Les Hazlewood CTO, Katasoft | http://www.katasoft.com | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood katasoft blog: http://www.katasoft.com/blogs/lhazlewood personal blog: http://leshazlewood.com On Wed, Jan 4, 2012 at 1:39 PM, jeffp <[email protected]> wrote: > Cleaning up that code actually didn't solve it after all. However, I did > figure this out by digging through the source of AuthorizingRealm. > > It turns out that this was a cache "problem". AuthorizingRealm requires its > own cache to be defined and sans doing that reverts back to the default > cache (2 minute cache). The cache HAS to be named as follows: > > authorizationCacheName = getClass().getName() + > DEFAULT_AUTHORIZATION_CACHE_SUFFIX; > > where the suffix is ".authorizationCache". Failing to define an eternal > cache for this results in really odd behavior. If you override > AuthorizingCache then you'll need to define the cache using your own class > name as shown below. > > <cache name="com.samples.MyCustomRealm.authorizationCache" > maxElementsInMemory="10000" > overflowToDisk="true" > eternal="true" > timeToLiveSeconds="0" > timeToIdleSeconds="0" > diskPersistent="true" > diskExpiryThreadIntervalSeconds="600"> > </cache> > > Maybe this is in the documentation somewhere, but I totally missed it and it > caused me a lot of time and effort to figure it out. The documentation does > say that expiring the cache without telling Shiro about it is a very bad > thing -- I agree. I hope this bit of information benefits somebody else. > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Issue-with-Shiro-authorization-getting-cleared-tp7140992p7152087.html > Sent from the Shiro User mailing list archive at Nabble.com.
