[ https://issues.apache.org/jira/browse/GEODE-2354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15838903#comment-15838903 ]
Kirk Lund commented on GEODE-2354:
----------------------------------

Options for fixing this:
1) increase globalSessionTimeout indefinitely (https://reviews.apache.org/r/55890/)
2) change IntegratedSecurityService.authorize to catch UnknownSessionException and re-authenticate

The problem with #2 is we don't currently store the credentials to re-authenticate with. This would require keeping a strong reference to instances of GeodeAuthenticationToken which contains a reference to the Properties containing the credentials. We pass the token to Shiro and that's the last we use the token.

> Use of security-manager results in UnknownSessionExceptions after 30 minutes idle
> ---------------------------------------------------------------------------------
>
> Key: GEODE-2354
> URL: https://issues.apache.org/jira/browse/GEODE-2354
> Project: Geode
> Issue Type: Bug
> Components: security
> Reporter: Kirk Lund
> Assignee: Kirk Lund
>
> If the User specifies a SecurityManager with security-manager, all authorized
> operations start to fail with UnknownSessionExceptions after 30 minutes idle
> which is the default globalSessionTimeout in Apache Shiro.
> Workaround: specify security-shiro-init in gemfire.properties and configure
> everything via Shiro within a shiro.ini.
> Fixing this will require changes to IntegratedSecurityService to set the
> globalSessionTimeout higher or to re-authenticate after a timeout.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
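The two options from the comment above, sketched against the Apache Shiro API as an added example (not part of the original message and not Geode's code). The names `SessionTimeoutOptions`, `withTimeout`, `authorizeWithReauth` and the `credentials` supplier are assumptions for illustration; the supplier stands in for wherever the credentials would have to be retained, which is the cost the comment points out for option 2.

```java
import java.util.function.Supplier;

import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.subject.Subject;

// Hypothetical helper class, for illustration only.
public final class SessionTimeoutOptions {

  // Option 1: configure the native session manager's global timeout.
  // The value is in milliseconds; Shiro's default is 30 minutes.
  static DefaultSecurityManager withTimeout(Realm realm, long timeoutMillis) {
    DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);
    DefaultSessionManager sessionManager = new DefaultSessionManager();
    sessionManager.setGlobalSessionTimeout(timeoutMillis);
    securityManager.setSessionManager(sessionManager);
    return securityManager;
  }

  // Option 2: if the subject's session is gone, log in again and retry once.
  // Returns the subject that passed the check, so the caller can rebind it
  // to the thread in place of the stale one.
  static Subject authorizeWithReauth(DefaultSecurityManager securityManager,
                                     Subject subject,
                                     Permission permission,
                                     Supplier<AuthenticationToken> credentials) {
    try {
      subject.checkPermission(permission); // throws AuthorizationException if denied
      return subject;
    } catch (UnknownSessionException e) {
      // The old session cannot be revived; build a fresh subject.
      Subject fresh = new Subject.Builder(securityManager).buildSubject();
      // Requires the credentials to still be available at this point.
      fresh.login(credentials.get());
      fresh.checkPermission(permission);
      return fresh;
    }
  }

  private SessionTimeoutOptions() {}
}
```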