securityManager.sessionManager.globalSessionTimeout is this it?
On 14/12/12 10:39, Paulo Pires wrote: > Hi list, > > I've implemented a REST application that uses Shiro + JDBC Realm for > authentication. > This application has a few clients (applications + a web-site) that > perform authentication, store the response cookie and use the same > cookie when asking for REST resources. > > As my REST environment is a Glassfish cluster, I have my sessions > being replicated and everything works great for a time - I can't > precise how much, though. After some time, the cookie is accepted by > Glassfish but Shiro complains: > > org.apache.shiro.authz.UnauthenticatedException: The current > Subject is not authenticated. Access denied. > Caused by: org.apache.shiro.authz.AuthorizationException: Not > authorized to invoke method: public javax.ws.rs.core.Response com.... > > org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) > > Sessions live for 24 hours. Any idea on what's happening? > > Cheers, > -- > Paulo Pires -- Paulo Pires
