shiro-user mailing list archives

From Ed Young <...@summitbid.com>
Subject Re: Extending the session timeout. grails + Shiro + tomcat
Date Fri, 04 Feb 2011 18:31:25 GMT
Actually, that doesn't quite do it, for me at least, because I don't think
the ShiroSecurityManager is visible in Grails Config.groovy, is it?

I verified the fix by first placing the slightly modified code snippet in
AuthController.groovy under signIn action:

class AuthController {
    def shiroSecurityManager
    ...
    shiroSecurityManager.sessionManager.globalSessionTimeout =
        grailsApplication.config.sessionTimeOut ?: 360000
    ...

And setting the sessionTimeout in Config.groovy:

def sessionTimeOut = 360000

There are a couple of other scenarios being considered that support a bit more
flexibility and involve BootStrap.groovy.

Thanks.




On Thu, Feb 3, 2011 at 1:53 PM, Les Hazlewood <lhazlewood@apache.org> wrote:

> That should do it!
>
> On Thu, Feb 3, 2011 at 12:49 PM, Scott Ryan <sryan737@gmail.com> wrote:
> > So to clarify, the solution is to add the following to the Config.groovy in
> > the grails application
> > securityManager.sessionManager.globalSessionTimeout = 3600000
> >
> > On Feb 3, 2011, at 1:43 PM, Ed Young wrote:
> >
> > Thanks for the rapid response. I'll try it and let you know how it goes. -Ed
> >
> > On Thu, Feb 3, 2011 at 1:17 PM, Les Hazlewood <lhazlewood@apache.org> wrote:
> >>
> >> Hi Ed,
> >>
> >> Apparently Shiro's ServletContainerSessionManager (that uses the
> >> Servlet container by default - not shiro's native sessions) does not
> >> honor the web.xml setting.  It looks at Shiro's 'globalSessionTimeout'
> >> property instead.  I consider this a bug for this particular
> >> implementation (the ServletContainerSessionManager should reflect the
> >> servlet container's settings IMO).
> >>
> >> I've opened a Jira issue to reflect this:
> >> https://issues.apache.org/jira/browse/SHIRO-240
> >>
> >> In the meantime, you can set shiro's 'globalSessionTimeout' property
> >> to get around the issue.  For example:
> >>
> >> # 1 hour (all of Shiro's timeout values are in millis, unlike
> >> web.xml's minutes):
> >> securityManager.sessionManager.globalSessionTimeout = 3600000
> >>
> >> HTH!
> >>
> >> --
> >> Les Hazlewood
> >> Founder, Katasoft, Inc.
> >> Application Security Products & Professional Apache Shiro Support and
> >> Training:
> >> http://www.katasoft.com
> >>
> >> On Thu, Feb 3, 2011 at 11:37 AM, Ed Young <ejy@summitbid.com> wrote:
> >> > Is there anything in the Grails Shiro (1.0 plugin) that might cause the
> >> > timeout at 30 minutes despite the web.xml configuration set to 60 mins?
> >> >
> >> > I thought I could extend the session timeout to 60 minutes simply by
> >> > either
> >> >
> >> > adding this to web.xml in the deployed application
> >> >
> >> > <session-config>
> >> > <session-timeout>60</session-timeout>
> >> > </session-config>
> >> >
> >> > Or by adding the same descriptor above to the
> >> >
> >> > chimps/src/templates/war/web.xml
> >> >
> >> > in the application source.
> >> >
> >> > I've done both, but the app is still timing out after only 30 minutes.
> >> >
> >> > The tomcat manager (Apache Tomcat/6.0.24)  indicates:
> >> > expire sessions with idle >= 60 minutes.
> >
> >
> >
> > --
> > - Ed
>



-- 
- Ed
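
An added example, not part of the original messages and not Shiro or Grails code: a small Python check for the unit mismatch discussed in this thread, where web.xml's session-timeout is in minutes and Shiro's globalSessionTimeout is in milliseconds. The INI-style input and the function names are assumptions, and the sample inputs are constructed from the settings quoted above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs, modelled on the settings quoted in this thread.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <session-config>
    <session-timeout>60</session-timeout>
  </session-config>
</web-app>"""
SHIRO_INI = """[main]
# all of Shiro's timeout values are in millis
securityManager.sessionManager.globalSessionTimeout = 3600000
"""

SHIRO_KEY = re.compile(
    r"^\s*securityManager\.sessionManager\.globalSessionTimeout\s*=\s*(\d+)\s*$",
    re.M,
)

def container_timeout_ms(web_xml):
    """Return <session-timeout> (minutes in web.xml) as milliseconds, or None."""
    for el in ET.fromstring(web_xml).iter():
        # Strip any XML namespace so both namespaced and plain web.xml match.
        if el.tag.rsplit("}", 1)[-1] == "session-timeout" and el.text:
            return int(el.text.strip()) * 60 * 1000
    return None

def shiro_timeout_ms(ini_text):
    """Return the last uncommented globalSessionTimeout (already in ms), or None."""
    hits = SHIRO_KEY.findall(ini_text)
    return int(hits[-1]) if hits else None

def compare(web_xml, ini_text):
    """Report both timeouts in minutes and whether they agree."""
    c, s = container_timeout_ms(web_xml), shiro_timeout_ms(ini_text)
    return {
        "container_min": None if c is None else c / 60000,
        "shiro_min": None if s is None else s / 60000,
        "match": c is not None and c == s,
    }

if __name__ == "__main__":
    print(compare(WEB_XML, SHIRO_INI))
    # Same check with a value one digit shorter: 360000 ms is 6 minutes.
    print(compare(WEB_XML, SHIRO_INI.replace("3600000", "360000")))
```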
