Take a look at the caching doc: https://shiro.apache.org/caching.html
That would be my first guess, but it is still early. Also, if you are going the App Engine route you will need to do something that is available across all instances. There is also this project that might help you out: https://gaeshiro.appspot.com -Brian > On Aug 31, 2014, at 7:37 PM, highroller <[email protected]> wrote: > > Hi, > I am implementing endpoint in Google App Engine and testing it in local > dev server using Android Studio. My user login successfully, but when > subject.isAuthenticated() return true in only 1 or 2 requests after the > successful login. Then it returns false forever until user relogin, then > same problem happens again. I don't think it is session timeout because it > lasts less than 2 minutes. I did lots of research and I couldn't find the > problem. How to fix this? > > Following is the code for the endpoint: > > /** An endpoint class we are exposing */ > @Api(name = "Endpoint", version = "v1", namespace = > @ApiNamespace(ownerDomain = "Content.example.com", ownerName = > "Content.example.com", packagePath="")) > public class Endpoint { > > @ApiMethod(name = "removeContent") > public Response removeContent(@Named("id") Long id) throws > UnauthorizedException, NotFoundException { > LOG.info("Calling removeContent method"); > > Response response = new Response(); > > Subject subject = SecurityUtils.getSubject(); > if (subject.isAuthenticated()) { > ... > } > } > } > > Following are the configurations: > > appengine-web.xml: > > <?xml version="1.0" encoding="utf-8"?> > <appengine-web-app xmlns="http://appengine.google.com/ns/1.0";> > <application>virtual-guru-123123213</application> > <version>1</version> > <threadsafe>true</threadsafe> > <sessions-enabled>true</sessions-enabled> > <system-properties> > <property name="java.util.logging.config.file" > value="WEB-INF/logging.properties"/> > > > > <property name="gcm.api.key" value="sdfkjsldkfjlsjflksdj"/> > </system-properties> > > > <async-session-persistence enabled="true" queue-name="default"/> > </appengine-web-app> > > =================================================== > > shiro.ini: > > [main] > shiro.loginUrl = /login > > gaeRealm = com.example.user.DatastoreRealm > > passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher > iniRealm.credentialsMatcher = $passwordMatcher > > securityManager.realms = $gaeRealm > > [roles] > admin = * > user = browse:* > > [urls] > /login = authc > > =========================================== > > web.xml: > > <?xml version="1.0" encoding="utf-8"?> > <web-app xmlns="http://java.sun.com/xml/ns/javaee"; version="2.5"> > <servlet> > <servlet-name>SystemServiceServlet</servlet-name> > > <servlet-class>com.google.api.server.spi.SystemServiceServlet</servlet-class> > <init-param> > <param-name>services</param-name> > <param-value>com.example.content.Endpoint</param-value> > </init-param> > </servlet> > <servlet-mapping> > <servlet-name>SystemServiceServlet</servlet-name> > <url-pattern>/_ah/spi/*</url-pattern> > </servlet-mapping> > > <welcome-file-list> > <welcome-file>index.html</welcome-file> > </welcome-file-list> > > <listener> > > <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> > </listener> > > <filter> > <filter-name>ShiroFilter</filter-name> > > <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class> > </filter> > > <filter-mapping> > <filter-name>ShiroFilter</filter-name> > <url-pattern>/*</url-pattern> > <dispatcher>REQUEST</dispatcher> > <dispatcher>FORWARD</dispatcher> > <dispatcher>INCLUDE</dispatcher> > <dispatcher>ERROR</dispatcher> > </filter-mapping> > </web-app> > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Shiro-subject-authentication-cannot-last-more-than-2-requests-in-Google-App-Engine-Endpoint-tp7580170.html > Sent from the Shiro User mailing list archive at Nabble.com.
