Getting UnknownSessionException after standalone non-web application has been running for some time

[jhericks <ja...@jasonerickson.com>]

I have an application that happens to run in Tomcat, but that's just because
of some deployment reasons.  It doesn't serve any requests, so I'm using
DefaultSecurityManager.  I'm using a very simple configuration:


It has several threads of pollers that check queues for events.  When it
gets an event, one of the elements in that event is the username of the user
that did something that put the event on the queue in the first place.  The
event is passed to a method with the actual application logic.  I use the
username and a custom token and credentials matcher to "login" as that user
so that future activity will be done on their behalf.

Everything works fine for a while, but then I start getting
UnknownSessionExceptions when I try to log in.

Here is an abbreviated version of the code where the exception is thrown:


And here is an abbreviated version of the stack trace:


I think I see part of what's happening, which is that getSubject() just
returns the subject attached to the current thread and that subject already
has a session associated with it as a field.  So
DelegatingSubject.getSession(false) returns a non-null session, but that
when you try to look up that session from the SessionDao, it's not there.

So my questions are: Is this how it's supposed to work? What is the
recommended way to configure this?  Should I be turning off the thread
validation scheduler or turning off it's deletions or somehow explicitly
making sure that getSubject is creating a new session or what?



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Getting-UnknownSessionException-after-standalone-non-web-application-has-been-running-for-some-time-tp7578211.html
Sent from the Shiro User mailing list archive at Nabble.com.