I'm trying this:
## session timeout
sessionManager =
org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
Let me know your thoughts, if any, please.
Tks,
PP
On 14/12/12 10:42, Paulo Pires wrote:
> securityManager.sessionManager.globalSessionTimeout
>
> is this it?
> On 14/12/12 10:39, Paulo Pires wrote:
>> Hi list,
>>
>> I've implemented a REST application that uses Shiro + JDBC Realm for
>> authentication.
>> This application has a few clients (applications + a web-site) that
>> perform authentication, store the response cookie and use the same
>> cookie when asking for REST resources.
>>
>> As my REST environment is a Glassfish cluster, I have my sessions
>> being replicated and everything works great for a time - I can't
>> precise how much, though. After some time, the cookie is accepted by
>> Glassfish but Shiro complains:
>>
>> org.apache.shiro.authz.UnauthenticatedException: The current
>> Subject is not authenticated. Access denied.
>> Caused by: org.apache.shiro.authz.AuthorizationException: Not
>> authorized to invoke method: public javax.ws.rs.core.Response com....
>>
>> org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90)
>>
>> Sessions live for 24 hours. Any idea on what's happening?
>>
>> Cheers,
>> --
>> Paulo Pires
>
> --
> Paulo Pires
--
Paulo Pires
