It appears you haven't configured a SessionDAO that will actually use your cache.
Based on this: http://shiro.apache.org/session-management.html#SessionManagement-EHCacheSessionDAO Your Java code should look something like this: SessionDAO sessionDAO = new EnterpriseCacheSessionDAO(); ((DefaultSessionManager)mSecurityManager.getSessionManager()).setSessionDAO(sessionDAO); EhCacheManager shiroCacheManager = new EhCacheManager(); mSecurityManager.setCacheManager(shiroCacheManager); Also ensure your <cache> element in ehcache.xml is named 'shiro-activeSessionsCache' as documented, and not 'shiroCache'. Or, if you want to use the name 'shiroCache' set sessionDAO.setActiveSessionsCacheName("shiroCache"); On a side note, if the Ehcache 'shiroCache' region is being used for Sessions, then you will see problems: this region has a TTL of 1 hour but your session manager globalSessionTimeout is set to be 8 hours. This means that your cache can (and will) expunge sessions that might be in use! If 'shiroCache' represents the active session cache, you will want to set timeToLive to be zero and timeToIdle to be something longer than your session timeout. This is all documented here: http://shiro.apache.org/session-management.html#SessionManagement-EHCacheSessionDAO and here: http://shiro.apache.org/session-management.html#SessionManagement-%7B%7BEnterpriseCacheSessionDAO%7D%7D HTH, -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 On Thu, Jun 20, 2013 at 4:53 PM, ApacheNinja <[email protected]> wrote: > Hello, > > I am seeing some strange behavior where checking permissions for > authorization runs quickly for a few days but then the time it takes to > check permissions dramatically slows down. This appears to occur after a > few days of running the application. I took a look at this post but I don't > think it is the same issue: > http://shiro-user.582556.n2.nabble.com/Invalidating-Authentication-Cache-slows-performance-td6329816.html#a6333063 > > We are configuring Shiro programmatically as follows: > > public static void initSecurityManager() { > > //Set realms > mSecurityManager = new DefaultSecurityManager(); > mSecurityManager.setAuthenticator(new MockAuthenticator()); > ArrayList <Realm> realms = new ArrayList<Realm>(); > realms.add(new PortalRealm()); > realms.add(new PortalBaselineRealm()); > mSecurityManager.setRealms(realms); > > //Setup caching > EhCacheManager shiroCacheManager = new EhCacheManager(); > CacheManager cacheManager = CacheManager.create(); > Ehcache cache = cacheManager.getEhcache(SHIRO_CACHE); > shiroCacheManager.setCacheManager(cache.getCacheManager()); > mSecurityManager.setCacheManager(shiroCacheManager); > > //Set session timeout > > ((DefaultSessionManager)mSecurityManager.getSessionManager()).setGlobalSessionTimeout(28800000); > SecurityUtils.setSecurityManager(mSecurityManager); > } > > Our entry in the ehcache.xml is as follows: > > > <cache name="shiroCache" > maxElementsInMemory="10000" > eternal="false" > timeToIdleSeconds="3600" > timeToLiveSeconds="3600" > memoryStoreEvictionPolicy="LFU" > > > </cache> > > In addition to Shiro's caching, we have another self populating ehcache that > actually holds the permissions when they are retrieved from the database. > However, I don't think this should be an issue. Any help would be > appreciated. Thanks. > > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Performance-slows-dramatically-over-time-when-checking-permissions-for-authorization-tp7578867.html > Sent from the Shiro User mailing list archive at Nabble.com.
