----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/55890/#review162861 -----------------------------------------------------------
Ship it! Do you think we ought to add a test to make sure the session timeout actually got set? E.g. if `shiroManager.getSessionManager()` is not returning us a `DefaultSessionManager` then we won't have set a timeout - Jared Stewart On Jan. 24, 2017, 8:55 p.m., Kirk Lund wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/55890/ > ----------------------------------------------------------- > > (Updated Jan. 24, 2017, 8:55 p.m.) > > > Review request for geode, Jinmei Liao, Jared Stewart, Kevin Duling, and > Swapnil Bawaskar. > > > Bugs: GEODE-2354 > https://issues.apache.org/jira/browse/GEODE-2354 > > > Repository: geode > > > Description > ------- > > Use of security-manager results in > org.apache.shiro.session.UnknownSessionExceptions being thrown from protected > operations after 30 minutes idle (the default global session timeout in > Apache Shiro). > > GFSH connects to the JMX Manager but this connection has no timeout even if > the cluster is secured. So after 30 minutes of being idle, GFSH will remain > connected to the JMX Manager but all commands that are protected will result > in an UnknownSessionException. > > The changes in the change set simply set the global session timeout to > MAX_VALUE if the user has specified a security-manager. If the user specifies > security-shiro-init (for a custom shiro.ini) then we leave the global session > configuration to the user's shiro.ini. > > > Diffs > ----- > > > geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java > 73d051f > > Diff: https://reviews.apache.org/r/55890/diff/ > > > Testing > ------- > > precheckin in progress > > > Thanks, > > Kirk Lund > >
