Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout

mixtou
This post was updated on .
I have implemented shiro jwt token authentication using as reference  Shiro
json web token
<https://www.novatec-gmbh.de/en/blog/json-web-token-apache-shiro/>  .
Everything works fine besides that i have random disconnects with
SessionTimeOut Exception. Disconnects happen completely randomly. I might
have 3 disconnects in one Day or 1 Disconnect in one Week. The user logs in
with token authentication and token expiration of 1 Week period. However
while logged in suddenly and randomly gets logged out.

Has anyone faced a similar situation?
Can someone guide me where to look to isolate/find the problem?
Is my code correctly implemented?

Bellow is my code. To implement the functionality i have implemented one
*Realm* and one *Filter*.

I have tried to completely disable sessions completely using

*securityManager.subjectDAO.sessionStorageEvaluator.sessionStorageEnabled =
false*

in Shiro.ini but then Authentication Fails. No Subject Exists...

Any Example would be highly appreciated, shiro lacks of documentation...

*Shiro.ini File*

[main]
jwtg = gr.histopath.platform.lib.JWTGuard
jwtv =  gr.histopath.platform.lib.JWTVerifyingFilter

ds = com.mysql.cj.jdbc.MysqlDataSource
ds.serverName = 127.0.0.1
ds.port = 3306
ds.user = histopathUser
ds.password = ***********
ds.databaseName = histopath

jdbcRealm = gr.histopath.platform.lib.MyRealm
jdbcRealm.dataSource = $ds


credentialsMatcher =
org.apache.shiro.authc.credential.Sha512CredentialsMatcher
credentialsMatcher.hashIterations = 50000
credentialsMatcher.hashSalted = true
credentialsMatcher.storedCredentialsHexEncoded = false
jdbcRealm.credentialsMatcher = $credentialsMatcher

jdbcRealm.permissionsLookupEnabled = false

shiro.loginUrl = /authentication/login

#cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
securityManager.cacheManager = $cacheManager

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 172800000

# ssl.enabled = false

securityManager.realms = $jdbcRealm
[users]

[roles]

[urls]

/authentication/login = authc
# /authentication/logout = logout

/search/* = noSessionCreation, jwtv
/statistics/* = noSessionCreation, jwtv
/clinics/* = noSessionCreation, jwtv
/patients/* = noSessionCreation, jwtv
/incidents/* = noSessionCreation, jwtv
/doctors/* = noSessionCreation, jwtv

/users/new = noSessionCreation, anon
/users/details/* = noSessionCreation, anon
/users/* = noSessionCreation, jwtv

/* = anon

*MyRealm.java*

public class  MyRealm extends JdbcRealm {

    private UserDAO userDAO;
    private User user;
    private String password;
    private ByteSource salt;
    private static final Logger logger =
LoggerFactory.getLogger(MyRealm.class);


    public MyRealm() {
        this.userDAO = new UserDAO();
        setSaltStyle(SaltStyle.COLUMN);
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken
token) throws AuthenticationException {
        // identify account to log to
        UsernamePasswordToken userPassToken = (UsernamePasswordToken) token;
        String username = userPassToken.getUsername();

        logger.debug("GMOTO: " + userPassToken.getUsername());

        if (username.equals(null)) {
            logger.debug("Username is null.");
            return null;
        }

        // read password hash and salt from db
//        System.out.println("Username: " + username);

        if(!userDAO.isOpen()){
            userDAO = new UserDAO();
        }

        this.user = userDAO.getByUsername(username);
        this.userDAO.closeEntityManager();
        logger.debug("user's email: " + this.user.getUsername());

        if (this.user == null) {
            logger.debug("No account found for user [" + username + "]");
            return null;
        }
        this.password = this.user.getPassword();
        this.salt =
ByteSource.Util.bytes(Base64.decode(this.user.getSalt()));

        SaltedAuthenticationInfo info = new SimpleAuthenticationInfo(user,
password, salt, getName());

        return info;
    }

}

*JWTVerigyingFilter.java*


public class JWTVerifyingFilter extends AccessControlFilter {

    private static final Logger logger =
LoggerFactory.getLogger(JWTVerifyingFilter.class);

    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest,
ServletResponse servletResponse, Object o) {
        logger.debug("Verifying Filter Execution");

        HttpServletRequest httpRequest = (HttpServletRequest)
servletRequest;
        String jwt = httpRequest.getHeader("Authorization");

        if (jwt == null || !jwt.startsWith("Bearer ")) {
//            System.out.println("DEn  Brika Tipota: ");
            logger.debug("No Token Found...");
//          
servletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        logger.debug("JWT Found");
        logger.debug("JWT Content: " + jwt);
        jwt = jwt.substring(jwt.indexOf(" "));
        Subject subject = SecurityUtils.getSubject();
        logger.debug("SecurityUtils Subject: " + subject.getPrincipal());

//        System.out.println("Token Found");
//        System.out.println("JWT: " + jwt);
//        System.out.println("Authenticated? " + subject.isAuthenticated());
//        System.out.println(" session " + subject.getSession().getId());
//        System.out.println(" salt " + ((User)
subject.getPrincipal()).getSalt());
//        System.out.println(" who-is " + ((User)
subject.getPrincipal()).getUsername());

        User user = null;
        logger.debug("Is Subject Authenticated: " +
subject.isAuthenticated());
        if (subject.isAuthenticated()) {

            user = (User) subject.getPrincipal();
            String username = null;

            try {
                Jws<Claims> claimsJws = Jwts.parser()
                       
.setSigningKey(DatatypeConverter.parseBase64Binary(user.getSalt()))
                        .parseClaimsJws(jwt);

//                System.out.println("Claims: " + claimsJws);
                logger.debug("Expiration: " +
claimsJws.getBody().getExpiration());
                username = claimsJws.getBody().getSubject();
            } catch (ExpiredJwtException expiredException) {
                logger.error("Token Is Expired....");
                logger.error(expiredException.getMessage(),
expiredException);
//                System.out.println("Token IS Expired.....");
//                expiredException.printStackTrace();
                logger.debug("Logging out the user...");
//                System.out.println("Logging out the user...");
                SecurityUtils.getSubject().logout();
//                System.out.println("mmmnnnnn: " +
SecurityUtils.getSubject().isAuthenticated());
                return false;
//                throw expiredException;
            } catch (SignatureException signatureException) {
                logger.error(signatureException.getMessage(),
signatureException);
//                signatureException.printStackTrace();
                return false;
            } catch (Exception e) {
                logger.error(e.getMessage(), e);
//                e.printStackTrace();
                return false;
            }
            System.out.println("Subject: " + user.getUsername());

            return username.equals(user.getUsername());

        }
//        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest,
ServletResponse servletResponse) {
        HttpServletResponse response = (HttpServletResponse)
servletResponse;
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }
}

I have also posted the question in stack overflow  Question
<https://stackoverflow.com/questions/56576654/apache-shiro-jwt-token-authentication-random-disconnects-problem-with-sessiontim



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout

Brian Demers
Can you include the stacktrace?

-Brian

> On Jun 13, 2019, at 5:11 AM, mixtou <[hidden email]> wrote:
>
> I have implemented shiro jwt token authentication using as reference  Shiro
> json web token
> <https://www.novatec-gmbh.de/en/blog/json-web-token-apache-shiro/>  .
> Everything works fine besides that i have random disconnects with
> SessionTimeOut Exception. Disconnects happen completely randomly. I might
> have 3 disconnects in one Day or 1 Disconnect in one Week. The user logs in
> with token authentication and token expiration of 1 Week period. However
> while logged in suddenly and randomly gets logged out.
>
> Has anyone faced a similar situation?
> Can someone guide me where to look to isolate/find the problem?
> Is my code correctly implemented?
>
> Bellow is my code. To implement the functionality i have implemented one
> *Realm* and one *Filter*.
>
> I have tried to completely disable sessions completely using
>
> *securityManager.subjectDAO.sessionStorageEvaluator.sessionStorageEnabled =
> false*
>
> in Shiro.ini but then Authentication Fails. No Subject Exists...
>
> Any Example would be highly appreciated, shiro lacks of documentation...
>
> *Shiro.ini File*
>
> [main]
> jwtg = gr.histopath.platform.lib.JWTGuard
> jwtv =  gr.histopath.platform.lib.JWTVerifyingFilter
>
> ds = com.mysql.cj.jdbc.MysqlDataSource
> ds.serverName = 127.0.0.1
> ds.port = 3306
> ds.user = histopathUser
> ds.password = H1s+0p@+h.U$er
> ds.databaseName = histopath
>
> jdbcRealm = gr.histopath.platform.lib.MyRealm
> jdbcRealm.dataSource = $ds
>
>
> credentialsMatcher =
> org.apache.shiro.authc.credential.Sha512CredentialsMatcher
> credentialsMatcher.hashIterations = 50000
> credentialsMatcher.hashSalted = true
> credentialsMatcher.storedCredentialsHexEncoded = false
> jdbcRealm.credentialsMatcher = $credentialsMatcher
>
> jdbcRealm.permissionsLookupEnabled = false
>
> shiro.loginUrl = /authentication/login
>
> #cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
> securityManager.cacheManager = $cacheManager
>
> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> securityManager.sessionManager = $sessionManager
> securityManager.sessionManager.globalSessionTimeout = 172800000
>
> # ssl.enabled = false
>
> securityManager.realms = $jdbcRealm
> [users]
>
> [roles]
>
> [urls]
>
> /authentication/login = authc
> # /authentication/logout = logout
>
> /search/* = noSessionCreation, jwtv
> /statistics/* = noSessionCreation, jwtv
> /clinics/* = noSessionCreation, jwtv
> /patients/* = noSessionCreation, jwtv
> /incidents/* = noSessionCreation, jwtv
> /doctors/* = noSessionCreation, jwtv
>
> /users/new = noSessionCreation, anon
> /users/details/* = noSessionCreation, anon
> /users/* = noSessionCreation, jwtv
>
> /* = anon
>
> *MyRealm.java*
>
> public class  MyRealm extends JdbcRealm {
>
>    private UserDAO userDAO;
>    private User user;
>    private String password;
>    private ByteSource salt;
>    private static final Logger logger =
> LoggerFactory.getLogger(MyRealm.class);
>
>
>    public MyRealm() {
>        this.userDAO = new UserDAO();
>        setSaltStyle(SaltStyle.COLUMN);
>    }
>
>    @Override
>    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken
> token) throws AuthenticationException {
>        // identify account to log to
>        UsernamePasswordToken userPassToken = (UsernamePasswordToken) token;
>        String username = userPassToken.getUsername();
>
>        logger.debug("GMOTO: " + userPassToken.getUsername());
>
>        if (username.equals(null)) {
>            logger.debug("Username is null.");
>            return null;
>        }
>
>        // read password hash and salt from db
> //        System.out.println("Username: " + username);
>
>        if(!userDAO.isOpen()){
>            userDAO = new UserDAO();
>        }
>
>        this.user = userDAO.getByUsername(username);
>        this.userDAO.closeEntityManager();
>        logger.debug("user's email: " + this.user.getUsername());
>
>        if (this.user == null) {
>            logger.debug("No account found for user [" + username + "]");
>            return null;
>        }
>        this.password = this.user.getPassword();
>        this.salt =
> ByteSource.Util.bytes(Base64.decode(this.user.getSalt()));
>
>        SaltedAuthenticationInfo info = new SimpleAuthenticationInfo(user,
> password, salt, getName());
>
>        return info;
>    }
>
> }
>
> *JWTVerigyingFilter.java*
>
>
> public class JWTVerifyingFilter extends AccessControlFilter {
>
>    private static final Logger logger =
> LoggerFactory.getLogger(JWTVerifyingFilter.class);
>
>    @Override
>    protected boolean isAccessAllowed(ServletRequest servletRequest,
> ServletResponse servletResponse, Object o) {
>        logger.debug("Verifying Filter Execution");
>
>        HttpServletRequest httpRequest = (HttpServletRequest)
> servletRequest;
>        String jwt = httpRequest.getHeader("Authorization");
>
>        if (jwt == null || !jwt.startsWith("Bearer ")) {
> //            System.out.println("DEn  Brika Tipota: ");
>            logger.debug("No Token Found...");
> //          
> servletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>            return false;
>        }
>        logger.debug("JWT Found");
>        logger.debug("JWT Content: " + jwt);
>        jwt = jwt.substring(jwt.indexOf(" "));
>        Subject subject = SecurityUtils.getSubject();
>        logger.debug("SecurityUtils Subject: " + subject.getPrincipal());
>
> //        System.out.println("Token Found");
> //        System.out.println("JWT: " + jwt);
> //        System.out.println("Authenticated? " + subject.isAuthenticated());
> //        System.out.println(" session " + subject.getSession().getId());
> //        System.out.println(" salt " + ((User)
> subject.getPrincipal()).getSalt());
> //        System.out.println(" who-is " + ((User)
> subject.getPrincipal()).getUsername());
>
>        User user = null;
>        logger.debug("Is Subject Authenticated: " +
> subject.isAuthenticated());
>        if (subject.isAuthenticated()) {
>
>            user = (User) subject.getPrincipal();
>            String username = null;
>
>            try {
>                Jws<Claims> claimsJws = Jwts.parser()
>
> .setSigningKey(DatatypeConverter.parseBase64Binary(user.getSalt()))
>                        .parseClaimsJws(jwt);
>
> //                System.out.println("Claims: " + claimsJws);
>                logger.debug("Expiration: " +
> claimsJws.getBody().getExpiration());
>                username = claimsJws.getBody().getSubject();
>            } catch (ExpiredJwtException expiredException) {
>                logger.error("Token Is Expired....");
>                logger.error(expiredException.getMessage(),
> expiredException);
> //                System.out.println("Token IS Expired.....");
> //                expiredException.printStackTrace();
>                logger.debug("Logging out the user...");
> //                System.out.println("Logging out the user...");
>                SecurityUtils.getSubject().logout();
> //                System.out.println("mmmnnnnn: " +
> SecurityUtils.getSubject().isAuthenticated());
>                return false;
> //                throw expiredException;
>            } catch (SignatureException signatureException) {
>                logger.error(signatureException.getMessage(),
> signatureException);
> //                signatureException.printStackTrace();
>                return false;
>            } catch (Exception e) {
>                logger.error(e.getMessage(), e);
> //                e.printStackTrace();
>                return false;
>            }
>            System.out.println("Subject: " + user.getUsername());
>
>            return username.equals(user.getUsername());
>
>        }
> //        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>        return false;
>    }
>
>    @Override
>    protected boolean onAccessDenied(ServletRequest servletRequest,
> ServletResponse servletResponse) {
>        HttpServletResponse response = (HttpServletResponse)
> servletResponse;
>        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
>        return false;
>    }
> }
>
> I have also posted the question in stack overflow  Question
> <https://stackoverflow.com/questions/56576654/apache-shiro-jwt-token-authentication-random-disconnects-problem-with-sessiontim>  
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout

mixtou
 DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault removed 0 from heap
 DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault added 0 on disk
 DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
org.apache.shiro.web.servlet.SimpleCookie - Found 'JSESSIONID' cookie value
[094bf05d-05df-4295-9935-9eb365beaa20]
 DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
 DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
 DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on disk
 DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
gr.histopath.platform.lib.JWTVerifyingFilter - Verifying Filter Execution
 DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
gr.histopath.platform.lib.JWTVerifyingFilter - JWT Found
 DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
gr.histopath.platform.lib.JWTVerifyingFilter - Expiration: Tue Oct 15
05:38:06 UTC 2019
 DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault removed 0 from heap
 DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault added 0 on disk
 DEBUG http-nio-127.0.0.1-8080-exec-3 - 2019-10-08 05:57; -
org.apache.shiro.web.servlet.SimpleCookie - Found 'JSESSIONID' cookie value
[094bf05d-05df-4295-9935-9eb365beaa20]
 DEBUG http-nio-127.0.0.1-8080-exec-3 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
 DEBUG http-nio-127.0.0.1-8080-exec-3 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
 DEBUG http-nio-127.0.0.1-8080-exec-3 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on disk
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 05:57; -
org.apache.shiro.web.servlet.SimpleCookie - Found 'JSESSIONID' cookie value
[094bf05d-05df-4295-9935-9eb365beaa20]
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
 DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault removed 0 from heap
 DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault added 0 on disk
 DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0
from heap
 DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from
disk
 DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault removed 0 from heap
 DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault added 0 on disk
 DEBUG http-nio-127.0.0.1-8080-exec-10 - 2019-10-08 06:02; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@59886af5].  Returning null
to
 indicate a session could not be found.
 DEBUG http-nio-127.0.0.1-8080-exec-7 - 2019-10-08 06:02; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@3375bbf5].  Returning null
to
indicate a session could not be found.
 DEBUG http-nio-127.0.0.1-8080-exec-5 - 2019-10-08 06:02; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@298ff393].  Returning null
to
indicate a session could not be found.
 DEBUG http-nio-127.0.0.1-8080-exec-5 - 2019-10-08 06:02; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@6e21ab8e].  Returning null
to
indicate a session could not be found.
 DEBUG http-nio-127.0.0.1-8080-exec-5 - 2019-10-08 06:02; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@5a963550].  Returning null
to
indicate a session could not be found.
 DEBUG http-nio-127.0.0.1-8080-exec-5 - 2019-10-08 06:02; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@33329a23].  Returning null
to
indicate a session could not be found.
 DEBUG http-nio-127.0.0.1-8080-exec-2 - 2019-10-08 06:03; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@3e360a82].  Returning null
to
indicate a session could not be found.
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@37185c0d].  Returning null
to
indicate a session could not be found.
 WARN http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.authc.AbstractAuthenticator - Authentication failed for
token submission [org.apache.shiro.authc.UsernamePasswordToken - null,
rememberMe=false (127.0.0.1)].  P
ossible unexpected error? (Typical or expected login exceptions should
extend from AuthenticationException).
java.lang.NullPointerException
        at
gr.histopath.platform.lib.MyRealm.doGetAuthenticationInfo(MyRealm.java:31)
        at
org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571)
        at
org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
        at
org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
        at
org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
        at
org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
        at
org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:274)
        at
org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260)
        at
org.apache.shiro.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:53)
        at
org.apache.shiro.web.filter.authc.FormAuthenticationFilter.onAccessDenied(FormAuthenticationFilter.java:154)
        at
org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(AccessControlFilter.java:133)
        at
org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162)
        at
org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203)
        at
org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178)
        at
org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131)
        at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
        at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
        at
org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
        at
org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
        at
org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
        at
org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
        at
org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
        at
org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
        at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
        at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
        at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
        at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie
[rememberMe=deleteMe; Path=/Histopath-Platform; Max-Age=0; Expires=Mon,
07-Oct-2019 06:03:29 GMT]
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.web.filter.authc.FormAuthenticationFilter - Authentication
exception
org.apache.shiro.authc.AuthenticationException: Authentication failed for
token submission [org.apache.shiro.authc.UsernamePasswordToken - null,
rememberMe=false (127.0.0.1)].  Possible unexpected error? (Typical or
expected login excep
tions should extend from AuthenticationException).
        at
org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:214)
        at
org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
        at
org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:274)
        at
org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260)
        at
org.apache.shiro.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:53)
        at
org.apache.shiro.web.filter.authc.FormAuthenticationFilter.onAccessDenied(FormAuthenticationFilter.java:154)
        at
org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(AccessControlFilter.java:133)
        at
org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162)
        at
org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203)
        at
org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178)
        at
org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131)
        at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
        at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
        at
org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
        at
org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
        at
org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
        at
org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
        at
org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
        at
org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
        at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
        at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
        at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
        at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
        at
gr.histopath.platform.lib.MyRealm.doGetAuthenticationInfo(MyRealm.java:31)
        at
org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571)
        at
org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
        at
org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
        at
org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
        ... 38 more
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
gr.histopath.platform.controllers.authentication.AuthenticationController -
Authenticating User
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo
[gr.histopath.platform.model.TransferObjects.User@70c6af5f] from
doGetAuthenticationInfo
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.realm.AuthenticatingRealm - AuthenticationInfo caching is
disabled for info
[gr.histopath.platform.model.TransferObjects.User@70c6af5f].  Submitted
token: [org
.apache.shiro.authc.UsernamePasswordToken - [hidden email],
rememberMe=false].
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.authc.credential.SimpleCredentialsMatcher - Performing
credentials equality check for tokenCredentials of type
[org.apache.shiro.crypto.hash.SimpleHash and acc
ountCredentials of type [org.apache.shiro.crypto.hash.SimpleHash]
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.authc.credential.SimpleCredentialsMatcher - Both
credentials arguments can be easily converted to byte arrays.  Performing
array equals comparison
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for
token [org.apache.shiro.authc.UsernamePasswordToken - [hidden email],
rememberMe=false].  Returne
d account [gr.histopath.platform.model.TransferObjects.User@70c6af5f]
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager
available in subject context map.  Falling back to
SecurityUtils.getSecurityManager() lookup.
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager
available in subject context map.  Falling back to
SecurityUtils.getSecurityManager() lookup.
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.session.mgt.DefaultSessionManager - Creating new EIS record
for new session instance
[org.apache.shiro.session.mgt.SimpleSession,id=null]
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie
[JSESSIONID=9f8165fa-dc41-4baf-be20-1f34c3a6c97b; Path=/Histopath-Platform;
HttpOnly]
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie
[rememberMe=deleteMe; Path=/Histopath-Platform; Max-Age=0; Expires=Mon,
07-Oct-2019 06:03:29 GMT]
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.mgt.AbstractRememberMeManager - AuthenticationToken did not
indicate RememberMe is requested.  RememberMe functionality will not be
executed for corresponding
account.
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
gr.histopath.platform.lib.JWTProvider - JWT Provider FIRED
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
gr.histopath.platform.lib.JWTProvider - Date Now: Tue Oct 08 06:03:29 UTC
2019
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
gr.histopath.platform.lib.JWTProvider - JWT Provider Generated JWT:
eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhbmRhc2tAZ21haWwuY29tIiwiRmlyc3ROYW1lIjoizobOvc69zrEiLCJMYXN0TmFtZSI6Is6UzrH
Pg866zrHOu86szrrOtyIsImlhdCI6MTU3MDUxNDYwOSwiZXhwIjoxNTcxMTE5NDA5fQ.eTYPF2fCgUxS6vrjuzowmuBc54kVHk7Z4etrX-3wMyzIKAwwPd7Boe9ArplXckPLkUFckiTk_rZONm0kLvfpvA
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
gr.histopath.platform.controllers.authentication.AuthenticationController -
Token Values....
 DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
gr.histopath.platform.controllers.authentication.AuthenticationController -
{"jwtToken":"eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhbmRhc2tAZ21haWwuY29tIiwiRmlyc3ROYW1lIjoizobOvc69zrEiLC
JMYXN0TmFtZSI6Is6UzrHPg866zrHOu86szrrOtyIsImlhdCI6MTU3MDUxNDYwOSwiZXhwIjoxNTcxMTE5NDA5fQ.eTYPF2fCgUxS6vrjuzowmuBc54kVHk7Z4etrX-3wMyzIKAwwPd7Boe9ArplXckPLkUFckiTk_rZONm0kLvfpvA","username":"[hidden email]"}



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout

mixtou
This post was updated on .
In reply to this post by Brian Demers
I am also using nginx as reverse proxy in front of tomcat. Could this be causing the
problem? Any hints on what or where to look for ??



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout

Brian Demers
What is null on line 31 ?
```
java.lang.NullPointerException
        at gr.histopath.platform.lib.MyRealm.doGetAuthenticationInfo(MyRealm.java:31)
```

Not sure if you have or not, but if you are NOT using a username/password token, make sure you implement the `supports()` method in your realm:
https://shiro.apache.org/static/1.4.1/apidocs/org/apache/shiro/realm/Realm.html#supports-org.apache.shiro.authc.AuthenticationToken-

On Fri, Oct 11, 2019 at 5:31 AM mixtou <[hidden email]> wrote:
I am also using nginx as reverse proxy from tomcat. Could this be causing the
problem? Any hints on what or where to look for ??



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout

mixtou
Yes this is a username/password token. As i stated earlier this happens
occasionally/randomly. It could happen once a month or twice a day. The
system is in production and is used at least 8 hours per day.  As you can
see from the logs for some reason suddenly DefaultSessionManager is unable
to find sessionID. This is frustrating...



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout

fpapon
Hi,

Are you using a CacheManager?

regards,

François
[hidden email]

Le 15/10/2019 à 10:35, mixtou a écrit :

> Yes this is a username/password token. As i stated earlier this happens
> occasionally/randomly. It could happen once a month or twice a day. The
> system is in production and is used at least 8 hours per day.  As you can
> see from the logs for some reason suddenly DefaultSessionManager is unable
> to find sessionID. This is frustrating...
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout

mixtou
This post was updated on .
Yes below is my shiro.ini

[main]
jwtg = gr.histopath.platform.lib.JWTGuard
jwtv =  gr.histopath.platform.lib.JWTVerifyingFilter

ds = com.mysql.cj.jdbc.MysqlDataSource
ds.serverName = 127.0.0.1
ds.port = 3306
ds.user = histopathUser
ds.password = ***********
ds.databaseName = histopath

jdbcRealm = gr.histopath.platform.lib.MyRealm
jdbcRealm.dataSource = $ds

credentialsMatcher =
org.apache.shiro.authc.credential.Sha512CredentialsMatcher
credentialsMatcher.hashIterations = 50000
credentialsMatcher.hashSalted = true
credentialsMatcher.storedCredentialsHexEncoded = false
jdbcRealm.credentialsMatcher = $credentialsMatcher

jdbcRealm.permissionsLookupEnabled = false


sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager

sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO

cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
securityManager.cacheManager = $cacheManager

sessionValidationScheduler =
org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler
# Default is 3,600,000 millis = 1 hour:
sessionValidationScheduler.interval = 3600000

securityManager.sessionManager.sessionValidationScheduler =
$sessionValidationScheduler


securityManager.sessionManager.globalSessionTimeout = 172800000

securityManager.realms = $jdbcRealm

shiro.loginUrl = /authentication/login
[users]

[roles]

[urls]

/authentication/login = authc
# /authentication/logout = logout

/search/* = noSessionCreation, jwtv
/statistics/* = noSessionCreation, jwtv
/clinics/* = noSessionCreation, jwtv
/patients/* = noSessionCreation, jwtv
/incidents/* = noSessionCreation, jwtv
/doctors/* = noSessionCreation, jwtv

/users/new = noSessionCreation, anon
/users/details/* = noSessionCreation, anon
/users/* = noSessionCreation, jwtv

/** = anon



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout

Brian Demers
When storing sessions (or any objects in a cache) they are subject to that Cache's configuration/policy

This is the default for EhCache config is:
https://github.com/apache/shiro/blob/master/support/ehcache/src/main/resources/org/apache/shiro/cache/ehcache/ehcache.xml

Based on your session timeout, it looks like you might need to bump the cache TTL.


On Fri, Oct 18, 2019 at 4:12 AM mixtou <[hidden email]> wrote:
Yes below is my shiro.ini

[main]
jwtg = gr.histopath.platform.lib.JWTGuard
jwtv =  gr.histopath.platform.lib.JWTVerifyingFilter

ds = com.mysql.cj.jdbc.MysqlDataSource
ds.serverName = 127.0.0.1
ds.port = 3306
ds.user = histopathUser
ds.password = H1s+0p@+h.U$er
ds.databaseName = histopath

jdbcRealm = gr.histopath.platform.lib.MyRealm
jdbcRealm.dataSource = $ds

credentialsMatcher =
org.apache.shiro.authc.credential.Sha512CredentialsMatcher
credentialsMatcher.hashIterations = 50000
credentialsMatcher.hashSalted = true
credentialsMatcher.storedCredentialsHexEncoded = false
jdbcRealm.credentialsMatcher = $credentialsMatcher

jdbcRealm.permissionsLookupEnabled = false


sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager

sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO

cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
securityManager.cacheManager = $cacheManager

sessionValidationScheduler =
org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler
# Default is 3,600,000 millis = 1 hour:
sessionValidationScheduler.interval = 3600000

securityManager.sessionManager.sessionValidationScheduler =
$sessionValidationScheduler


securityManager.sessionManager.globalSessionTimeout = 172800000

securityManager.realms = $jdbcRealm

shiro.loginUrl = /authentication/login
[users]

[roles]

[urls]

/authentication/login = authc
# /authentication/logout = logout

/search/* = noSessionCreation, jwtv
/statistics/* = noSessionCreation, jwtv
/clinics/* = noSessionCreation, jwtv
/patients/* = noSessionCreation, jwtv
/incidents/* = noSessionCreation, jwtv
/doctors/* = noSessionCreation, jwtv

/users/new = noSessionCreation, anon
/users/details/* = noSessionCreation, anon
/users/* = noSessionCreation, jwtv

/** = anon



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout

mixtou
This post was updated on .
I have already ehcache2 enabled as second level cache for hibernate where i
have the corresponding rules for shiro. Below is my ehcache.xml

<?xml version="1.0" ?>
<ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
updateCheck="true" monitoring="autodetect" dynamicConfig="true"
         xsi:noNamespaceSchemaLocation="ehcache.xsd" name="ehcache2"
maxBytesLocalHeap="100M" maxBytesLocalDisk="1G">

    <diskStore path="java.io.tmpdir/ehchache"/>

    <defaultCache
            eternal="false"
            timeToLiveSeconds="600"
            timeToIdleSeconds="300"
            overflowToDisk="false"
            memoryStoreEvictionPolicy="LFU"
    />


    <cache name="EntityCache"
           eternal="false"
           overflowToDisk="false"
           timeToLiveSeconds="600"
           timeToIdleSeconds="300"
    />

    <cache name="org.hibernate.cache.UpdateTimestampsCache"
           eternal="true">
        <persistence strategy="localTempSwap"/>
    </cache>

    <cache name="org.hibernate.cache.internal.StandardQueryCache"
           eternal="false"
           timeToLiveSeconds="600"
           timeToIdleSeconds="300"
           overflowToDisk="false"
           memoryStoreEvictionPolicy="LFU"
    />

    <cache name="CollectionsCache"
           eternal="false"
           timeToLiveSeconds="600"
           timeToIdleSeconds="300"
           overflowToDisk="false"
           memoryStoreEvictionPolicy="LFU"
    />

    <cache name="shiro-activeSessionCache"
           overflowToDisk="true"
           eternal="true"
           timeToLiveSeconds="0"
           timeToIdleSeconds="0"
           diskPersistent="true"
           diskExpiryThreadIntervalSeconds="600"
    />


</ehcache>



--
Sent from: http://shiro-user.582556.n2.nabble.com/