Hi Les,
I am using Spring configuration, which throws error at startup
suggesting my sessionManager from securityManager is not reable ( no
get method )
Error creating bean with name 'shiroFilter' defined in ServletContext
resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference
to bean 'securityManager' while setting bean property
'securityManager'; nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'securityManager' defined in ServletContext
resource [/WEB-INF/applicationContext.xml]: Error setting property
values; nested exception is
org.springframework.beans.NotWritablePropertyException: Invalid
property 'sessionManager.globalSessionTimeout' of bean class
[org.apache.shiro.web.mgt.DefaultWebSecurityManager]: Bean property
'globalSessionTimeout' is not writable or has an invalid setter
method. Does the parameter type of the setter match the return type of
the getter?
due to this config
<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
[....]
<property name="sessionManager.globalSessionTimeout" value="1800000" />
[....]
</bean>
So I ended up to add this into my web.xml
<session-config>
<session-timeout>30</session-timeout>
</session-config>
I dont think this is working either ( i change the value to 1 and
session is not timing out after 1 minute )
not sure if this is something to do at my end, hopefully some one on
this forum can confirm what I am seeing.
Thanks for the quick response
-D
On Mon, Apr 30, 2012 at 10:03 AM, Les Hazlewood <[email protected]> wrote:
> Hi Dan,
>
> In Shiro 1.2+:
>
> - If using the servlet container's session management (Shiro uses this
> by default), you control session timeout as expected in web.xml.
> Because you are using a session management mechanism outside of
> Shiro's control (the web container's), you must configure it via the
> web container (web.xml), not in shiro.ini for example.
>
> - If using Shiro's native session management, then you can configure
> the timeout value in Shiro's config:
>
> securityManager.sessionManager.globalSessionTimeout = 1800000
>
> HTH,
>
> --
> Les Hazlewood
> CTO, Stormpath | http://stormpath.com | 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> blog: http://leshazlewood.com
> stormpath blog: http://www.stormpath.com/blog
>
>
> On Sat, Apr 28, 2012 at 11:39 PM, Dan Tran <[email protected]> wrote:
>> Hi
>>
>> Shiro 1.2's DefaultWebSecurityManager no longer give access to
>> sessionManager and there the documented
>> 'securityManager.sessionManager.globalSessionTimeout = 1800000' [1] no
>> longer working.
>>
>> is there an alternative way to get this feature back?
>>
>> Thanks
>>
>> -D
>>
>> [1] http://shiro.apache.org/configuration.html
