> > securityManager.sessionManager.globalSessionTimeout = 180000 >
This line of config is only valid if you're using Shiro's native session manager. You have to enable the native session manager first: sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager securityManager.sessionManager = $sessionManager You might also want to think about using two different .ini configs if the config is sufficiently different across two different environments. > 2) I have an existing issue with the activeDirectoryRealm which is still > occuring with the Jetty implementation. If I have the activeDirectoryRealm > enabled in my .ini file the authentication against the user accounts > specified in the file do not need a password, i.e. I can type in the > username and enter no password and it authenticates fine (which is > incorrect). If I comment out the activeDirectoryRealm it does require the > passwords. I am obviously missing something?? > It might be related to this: http://shiro-user.582556.n2.nabble.com/Authentication-with-AD-problem-td7391585.html But I don't believe an issue has been raised within Jira for it. synapseRealm = org.apache.shiro.realm.text.IniRealm > synapseRealm.resourcePath = shiro.ini > This line isn't necessary. When defining a [users] or [roles] section, an implicit IniRealm is automatically created for you. It is available as a bean named 'iniRealm' in the [main] section if you need to use it for configuration. Cheers, Les
