org.apache.shiro.session.StoppedSessionException

["jethwani.bipin@gmail.com" <je...@gmail.com>]

I have Java remoting built on top of ActiveMQ and Camel using camel bean
invocation. There's a route from direct component to jms on client side
which injects the shiro security token (nothing special there) And on the
other side I have a route from jms to bean which has
policy(shiroSecurityPolicy) check using a custom realm.

Security Policy: 
shiroSecurityPolicy.setAlwaysReauthenticate(true);

Security Manager Setup
osRealm = <package>.AuthenticationRealm
osRealm.authenticationCachingEnabled=true

cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
cacheManager.cacheManagerConfigFile = <ehCacheSetup.xml 30min for time to
live and time to idle>

securityManager.cacheManager = $cacheManager
securityManager.realms = $osRealm

Now inside ShiroSecurityPolicy.Processor.applySecurityPolicy(), I saw that
if always reauthenticate is set to true, it will logout the current user and
invoke onLogout on AuthenticatingRealm which would clear the cache and hence
I overrode that to not clear the cache.

And now I am trapped into below issue that after some time I keep getting
these exceptions.

Caused by: org.apache.shiro.session.StoppedSessionException: Session with id
[08779010-2098-48f0-9e43-f082d673d5ee] has been explicitly stopped.  No
further interaction under this session is allowed.
    at
org.apache.shiro.session.mgt.SimpleSession.validate(SimpleSession.java:270)
    at
org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doValidate(AbstractValidatingSessionManager.java:180)
    at
org.apache.shiro.session.mgt.AbstractValidatingSessionManager.validate(AbstractValidatingSessionManager.java:143)
    at
org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:120)
    at
org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:105)
    at
org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:109)
    at
org.apache.shiro.session.mgt.AbstractNativeSessionManager.getAttribute(AbstractNativeSessionManager.java:206)
    at
org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:141)
    at
org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
    at
org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
    at
org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
    at
org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
    at
org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469)
    at
org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153)
    at
org.apache.shiro.subject.support.DelegatingSubject.getPrincipal(DelegatingSubject.java:149)
    at
org.apache.camel.component.shiro.security.ShiroSecurityPolicy.authorizeUser(ShiroSecurityPolicy.java:237)


--another: a bit different--

Caused by: org.apache.shiro.session.StoppedSessionException: Session with id
[c7e1387f-4cc9-4fa1-a171-9904543270d3] has been explicitly stopped.  No
further interaction under this session is allowed.
	at
org.apache.shiro.session.mgt.SimpleSession.validate(SimpleSession.java:270)
	at
org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doValidate(AbstractValidatingSessionManager.java:180)
	at
org.apache.shiro.session.mgt.AbstractValidatingSessionManager.validate(AbstractValidatingSessionManager.java:143)
	at
org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:120)
	at
org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:105)
	at
org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:109)
	at
org.apache.shiro.session.mgt.AbstractNativeSessionManager.getAttribute(AbstractNativeSessionManager.java:206)
	at
org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:141)
	at
org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
	at
org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
	at
org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
	at
org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469)
	at
org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153)
	at
org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(DefaultSubjectDAO.java:177)
	at
org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(DefaultSubjectDAO.java:163)
	at org.apache.shiro.mgt.DefaultSubjectDAO.save(DefaultSubjectDAO.java:144)
	at
org.apache.shiro.mgt.DefaultSecurityManager.save(DefaultSecurityManager.java:383)
	at
org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350)
	at
org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:183)
	at
org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:283)
	at
org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
	at
org.apache.camel.component.shiro.security.ShiroSecurityPolicy.authenticateUser(ShiroSecurityPolicy.java:204)









--
View this message in context: http://camel.465427.n5.nabble.com/org-apache-shiro-session-StoppedSessionException-tp5739016.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Re: org.apache.shiro.session.StoppedSessionException

["jethwani.bipin@gmail.com" <je...@gmail.com>]

Tried securityManager.sessionManager.globalSessionTimeout=-1 but still facing
issues with Session, this time it says it's unknow session.




--
View this message in context: http://camel.465427.n5.nabble.com/org-apache-shiro-session-StoppedSessionException-tp5739016p5739018.html
Sent from the Camel - Users mailing list archive at Nabble.com.