I have an application that happens to run in Tomcat, but that's just because of some deployment reasons. It doesn't serve any requests, so I'm using DefaultSecurityManager. I'm using a very simple configuration:
It has several threads of pollers that check queues for events. When it gets an event, one of the elements in that event is the username of the user that did something that put the event on the queue in the first place. The event is passed to a method with the actual application logic. I use the username and a custom token and credentials matcher to "login" as that user so that future activity will be done on their behalf.

Everything works fine for a while, but then I start getting UnknownSessionExceptions when I try to log in. Here is an abbreviated version of the code where the exception is thrown:

And here is an abbreviated version of the stack trace:

I think I see part of what's happening, which is that getSubject() just returns the subject attached to the current thread and that subject already has a session associated with it as a field. So DelegatingSubject.getSession(false) returns a non-null session, but when you try to look up that session from the SessionDao, it's not there.

So my questions are: Is this how it's supposed to work? What is the recommended way to configure this? Should I be turning off the thread validation scheduler or turning off its deletions or somehow explicitly making sure that getSubject is creating a new session or what?

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Getting-UnknownSessionException-after-standalone-non-web-application-has-been-running-for-some-time-tp7578211.html
Sent from the Shiro User mailing list archive at Nabble.com.
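
One way to keep a long-lived poller thread from reusing a Subject, and the session it holds, left behind by an earlier event, shown as an added example that is not part of the original post. `UsernamePasswordToken` and `SimpleAccountRealm` stand in for the poster's custom token and credentials matcher, and the class name, account names and password are constructed.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;

public class PerEventSubject {
    private final SecurityManager securityManager;

    PerEventSubject(SecurityManager securityManager) {
        this.securityManager = securityManager;
    }

    /** Handles one queue event on behalf of the user named in it. */
    void handle(String username, Runnable applicationLogic) {
        // Build a new Subject per event. SecurityUtils.getSubject() would return
        // whatever Subject an earlier event left bound to this pooled thread,
        // including its reference to a session that may since have been deleted.
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        try {
            // Constructed credentials; the poster's custom token would go here.
            subject.login(new UsernamePasswordToken(username, "constructed-password"));
            // execute() binds the Subject to the thread only for this call and
            // restores the previous thread state when the call returns.
            subject.execute(applicationLogic);
        } finally {
            subject.logout();        // stop this event's session explicitly
            ThreadContext.remove();  // leave no Shiro state on the pooled thread
        }
    }

    public static void main(String[] args) {
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-password");
        realm.addAccount("bob", "constructed-password");
        PerEventSubject poller = new PerEventSubject(new DefaultSecurityManager(realm));

        // The same thread handles events for different users, as a poller would.
        for (String user : new String[] {"alice", "bob", "alice"}) {
            poller.handle(user, () -> System.out.println(
                    "handling event as " + SecurityUtils.getSubject().getPrincipal()));
        }
    }
}
```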
