I have Java remoting built on top of ActiveMQ and Camel using Camel bean invocation. There's a route from the direct component to jms on the client side which injects the Shiro security token (nothing special there). And on the other side I have a route from jms to a bean which has a policy(shiroSecurityPolicy) check using a custom realm.

Security Policy:

    shiroSecurityPolicy.setAlwaysReauthenticate(true);

Security Manager Setup:

    osRealm = <package>.AuthenticationRealm
    osRealm.authenticationCachingEnabled=true
    cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
    cacheManager.cacheManagerConfigFile = <ehCacheSetup.xml 30min for time to live and time to idle>
    securityManager.cacheManager = $cacheManager
    securityManager.realms = $osRealm

Now inside ShiroSecurityPolicy.Processor.applySecurityPolicy(), I saw that if always reauthenticate is set to true, it will log out the current user and invoke onLogout on AuthenticatingRealm, which would clear the cache, and hence I overrode that to not clear the cache. And now I am trapped in the issue below: after some time I keep getting these exceptions.

    Caused by: org.apache.shiro.session.StoppedSessionException: Session with id [08779010-2098-48f0-9e43-f082d673d5ee] has been explicitly stopped. No further interaction under this session is allowed.
        at org.apache.shiro.session.mgt.SimpleSession.validate(SimpleSession.java:270)
        at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doValidate(AbstractValidatingSessionManager.java:180)
        at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.validate(AbstractValidatingSessionManager.java:143)
        at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:120)
        at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:105)
        at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:109)
        at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getAttribute(AbstractNativeSessionManager.java:206)
        at org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:141)
        at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
        at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
        at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
        at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
        at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
        at org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469)
        at org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153)
        at org.apache.shiro.subject.support.DelegatingSubject.getPrincipal(DelegatingSubject.java:149)
        at org.apache.camel.component.shiro.security.ShiroSecurityPolicy.authorizeUser(ShiroSecurityPolicy.java:237)

--another: a bit different--

    Caused by: org.apache.shiro.session.StoppedSessionException: Session with id [c7e1387f-4cc9-4fa1-a171-9904543270d3] has been explicitly stopped. No further interaction under this session is allowed.
        at org.apache.shiro.session.mgt.SimpleSession.validate(SimpleSession.java:270)
        at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doValidate(AbstractValidatingSessionManager.java:180)
        at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.validate(AbstractValidatingSessionManager.java:143)
        at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:120)
        at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:105)
        at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:109)
        at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getAttribute(AbstractNativeSessionManager.java:206)
        at org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:141)
        at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
        at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
        at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
        at org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469)
        at org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153)
        at org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(DefaultSubjectDAO.java:177)
        at org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(DefaultSubjectDAO.java:163)
        at org.apache.shiro.mgt.DefaultSubjectDAO.save(DefaultSubjectDAO.java:144)
        at org.apache.shiro.mgt.DefaultSecurityManager.save(DefaultSecurityManager.java:383)
        at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350)
        at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:183)
        at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:283)
        at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
        at org.apache.camel.component.shiro.security.ShiroSecurityPolicy.authenticateUser(ShiroSecurityPolicy.java:204)

--
View this message in context: http://camel.465427.n5.nabble.com/org-apache-shiro-session-StoppedSessionException-tp5739016.html
Sent from the Camel - Users mailing list archive at Nabble.com.