Return-Path: X-Original-To: apmail-camel-users-archive@www.apache.org Delivered-To: apmail-camel-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B2F3910B4F for ; Tue, 10 Sep 2013 11:39:31 +0000 (UTC) Received: (qmail 18435 invoked by uid 500); 10 Sep 2013 11:39:31 -0000 Delivered-To: apmail-camel-users-archive@camel.apache.org Received: (qmail 18099 invoked by uid 500); 10 Sep 2013 11:39:30 -0000 Mailing-List: contact users-help@camel.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@camel.apache.org Delivered-To: mailing list users@camel.apache.org Received: (qmail 18091 invoked by uid 99); 10 Sep 2013 11:39:29 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Sep 2013 11:39:29 +0000 X-ASF-Spam-Status: No, hits=2.3 required=5.0 tests=SPF_SOFTFAIL,URI_HEX X-Spam-Check-By: apache.org Received-SPF: softfail (athena.apache.org: transitioning domain of jethwani.bipin@gmail.com does not designate 216.139.236.26 as permitted sender) Received: from [216.139.236.26] (HELO sam.nabble.com) (216.139.236.26) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Sep 2013 11:39:24 +0000 Received: from [192.168.236.26] (helo=sam.nabble.com) by sam.nabble.com with esmtp (Exim 4.72) (envelope-from ) id 1VJMHg-0001RT-G1 for users@camel.apache.org; Tue, 10 Sep 2013 04:39:04 -0700 Date: Tue, 10 Sep 2013 04:39:04 -0700 (PDT) From: "jethwani.bipin@gmail.com" To: users@camel.apache.org Message-ID: <1378813144478-5739016.post@n5.nabble.com> Subject: org.apache.shiro.session.StoppedSessionException MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org I have Java remoting built on top of ActiveMQ and Camel using camel bean invocation. There's a route from direct component to jms on client side which injects the shiro security token (nothing special there) And on the other side I have a route from jms to bean which has policy(shiroSecurityPolicy) check using a custom realm. Security Policy: shiroSecurityPolicy.setAlwaysReauthenticate(true); Security Manager Setup osRealm = .AuthenticationRealm osRealm.authenticationCachingEnabled=true cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager cacheManager.cacheManagerConfigFile = securityManager.cacheManager = $cacheManager securityManager.realms = $osRealm Now inside ShiroSecurityPolicy.Processor.applySecurityPolicy(), I saw that if always reauthenticate is set to true, it will logout the current user and invoke onLogout on AuthenticatingRealm which would clear the cache and hence I overrode that to not clear the cache. And now I am trapped into below issue that after some time I keep getting these exceptions. Caused by: org.apache.shiro.session.StoppedSessionException: Session with id [08779010-2098-48f0-9e43-f082d673d5ee] has been explicitly stopped. No further interaction under this session is allowed. at org.apache.shiro.session.mgt.SimpleSession.validate(SimpleSession.java:270) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doValidate(AbstractValidatingSessionManager.java:180) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.validate(AbstractValidatingSessionManager.java:143) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:120) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:105) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:109) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getAttribute(AbstractNativeSessionManager.java:206) at org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:141) at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121) at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121) at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121) at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121) at org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469) at org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153) at org.apache.shiro.subject.support.DelegatingSubject.getPrincipal(DelegatingSubject.java:149) at org.apache.camel.component.shiro.security.ShiroSecurityPolicy.authorizeUser(ShiroSecurityPolicy.java:237) --another: a bit different-- Caused by: org.apache.shiro.session.StoppedSessionException: Session with id [c7e1387f-4cc9-4fa1-a171-9904543270d3] has been explicitly stopped. No further interaction under this session is allowed. at org.apache.shiro.session.mgt.SimpleSession.validate(SimpleSession.java:270) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doValidate(AbstractValidatingSessionManager.java:180) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.validate(AbstractValidatingSessionManager.java:143) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:120) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:105) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:109) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getAttribute(AbstractNativeSessionManager.java:206) at org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:141) at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121) at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121) at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121) at org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469) at org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153) at org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(DefaultSubjectDAO.java:177) at org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(DefaultSubjectDAO.java:163) at org.apache.shiro.mgt.DefaultSubjectDAO.save(DefaultSubjectDAO.java:144) at org.apache.shiro.mgt.DefaultSecurityManager.save(DefaultSecurityManager.java:383) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:183) at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:283) at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) at org.apache.camel.component.shiro.security.ShiroSecurityPolicy.authenticateUser(ShiroSecurityPolicy.java:204) -- View this message in context: http://camel.465427.n5.nabble.com/org-apache-shiro-session-StoppedSessionException-tp5739016.html Sent from the Camel - Users mailing list archive at Nabble.com.