I have no idea how I can fix this or why this is happening.
Environment. I have a web app using Spring MVC and Shiro. I am providing REST apis for logging in and out as well as getting an accessToken. Basically created a Poor man's SSO and OAuth provider.
This is my exception
javax.servlet.ServletException: Filtered request failed.
java.lang.IllegalArgumentException: The org.apache.shiro.session.mgt.DelegatingSession implementation requires that the SessionKey argument returns a non-null sessionId to support the Session.getId() invocations.
I have customized a Cache and CacheManager as well as a custom Realm. My Spring configuration is basically what I found in the docs.
OK, just call me an idiot. I am on a Mac and testing/using Safari. Safari has this "private browsing" option. It was turned on. So of course it would happen because while in private browsing it won't store cookies.
So turning off private browsing, I don't see the error after logging in and out at least 5 times in a row (I didn't go further than that, but assume it will all still work)
Well, now updated from that last sentence. It can work over and over again if I go at a really slow speed in clicking the login then going and clicking on the logout link. If I give the page 4 seconds after logging in, to then click the logout link that shows up, then it will NOT show the error. If I click it as soon as the page appears with the logout link, then I see the exception.
Adding or removing that last line
/** = anon
Had no impact at all on it.
Also setting or not setting the cacheManager property on my Realm bean had a slight impact on it. With it being set it happens more often. Not all the time. Without it, it still happens but a bit less.
So I have run out of ideas. I have found the one that will be impacted the least and will stick with that until someone has some idea of a solution.
One time that I can guarantee it will always happens is if I login, then shut down the server, start the server back up and then refresh the page.