shiro-user mailing list archives

From Les Hazlewood <lhazlew...@apache.org>
Subject Re: Shiro vs Glassfish session problem
Date Fri, 14 Dec 2012 20:08:08 GMT
Odds are high that the authenticated session is timing out.

Some of the authorization conditions require an authenticated subject
first, so if the session is new (the old one has timed out), naturally
those conditions would fail.

HTH,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk

On Fri, Dec 14, 2012 at 2:39 AM, Paulo Pires <pjpires@ubiwhere.com> wrote:

> Hi list,
>
> I've implemented a REST application that uses Shiro + JDBC Realm for
> authentication.
> This application has a few clients (applications + a web-site) that
> perform authentication, store the response cookie and use the same cookie
> when asking for REST resources.
>
> As my REST environment is a Glassfish cluster, I have my sessions being
> replicated and everything works great for a time - I can't say precisely how
> much, though. After some time, the cookie is accepted by Glassfish but
> Shiro complains:
>
> org.apache.shiro.authz.UnauthenticatedException: The current Subject is
> not authenticated.  Access denied.
> Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized
> to invoke method: public javax.ws.rs.core.Response com....
>
> org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90)
>
> Sessions live for 24 hours. Any idea on what's happening?
>
> Cheers,
>
> --
> Paulo Pires
>
>
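
One way to check the timeout explanation given in the reply, as an added example that is not part of either message and is not Shiro project code: log the state of the current Subject and its session at the point where the `UnauthenticatedException` is raised. The class and method names are hypothetical; the Shiro calls used (`SecurityUtils.getSubject()`, `Subject.getSession(false)`, and the `Session` getters) are from Shiro's public API, and shiro-core is assumed to be on the classpath.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

/** Hypothetical helper (not from the thread): reports the current Subject's session state. */
public final class SessionDiagnostics {

    private SessionDiagnostics() {}

    /** Call from a filter or exception mapper while the Subject is bound to the thread. */
    public static String describeCurrentSubject() {
        return describe(SecurityUtils.getSubject(), System.currentTimeMillis());
    }

    static String describe(Subject subject, long nowMillis) {
        StringBuilder sb = new StringBuilder()
            .append("authenticated=").append(subject.isAuthenticated())
            .append(" remembered=").append(subject.isRemembered());

        // getSession(false) never creates a session; null means none exists for this request.
        Session session = subject.getSession(false);
        if (session == null) {
            return sb.append(" session=none").toString();
        }
        try {
            long ageMs = nowMillis - session.getStartTimestamp().getTime();
            long idleMs = nowMillis - session.getLastAccessTime().getTime();
            // Log a short tag instead of the session ID: the ID is a bearer credential.
            sb.append(" sessionTag=").append(Integer.toHexString(session.getId().hashCode()))
              .append(" ageMs=").append(ageMs)
              .append(" idleMs=").append(idleMs)
              // Shiro's timeout is an idle limit in milliseconds, not a total lifetime.
              .append(" idleTimeoutMs=").append(session.getTimeout());
        } catch (InvalidSessionException e) {
            // The session expired or was stopped between lookup and inspection.
            sb.append(" session=invalid (").append(e.getMessage()).append(')');
        }
        return sb.toString();
    }
}
```

A failing request that reports `authenticated=false` together with a small `ageMs` for a client that logged in long before is consistent with the old session having timed out and a new one having been created in its place.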
