Setting login expiry for Shiro on GAE

classic Classic list List threaded Threaded
18 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Setting login expiry for Shiro on GAE

Harshdeep S Jawanda
Hi,

I wondered if anybody could help me with setting the session cookie lifetime for Shiro on GAE.

I tried with DefaultWebSessionManager but I get an AccessControlException:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")

Tried org.apache.shiro.session.Session#setTimeout(432000 * 1000) but that doesn't work either. The JSESSIONID cookie continues to show an Expires value of "At end of session".

Regards,
Harshdeep S Jawanda
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Brian Demers
If you are using a shiro.ini the property would be:
securityManager.sessionManager.sessionIdCookie.maxAge = <int>

Otherwise you can traverse your beans, something like: sessionManger.getSessionIdCookie().setMaxAge(<int>)

On Mon, Mar 13, 2017 at 12:41 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Hi,

I wondered if anybody could help me with setting the session cookie lifetime for Shiro on GAE.

I tried with DefaultWebSessionManager but I get an AccessControlException:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")

Tried org.apache.shiro.session.Session#setTimeout(432000 * 1000) but that doesn't work either. The JSESSIONID cookie continues to show an Expires value of "At end of session".

Regards,
Harshdeep S Jawanda

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Harshdeep S Jawanda
Initially I was not explicitly setting the session manager in my shiro.ini, so it defaults to ServletContainerSessionManager. ServletContainerSessionManager doesn't have a sessionIdCookie property, so I get the NoSuchMethodException exception during startup (if I use securityManager.sessionManager.sessionIdCookie.maxAge in shiro.ini).

If I try to explicitly set the session manager to DefaultWebSessionManager in shiro.ini, I get the previously mentioned AccessControlException, which, as far as I can make out, is because DefaultWebSessionManager must be trying to write to disk, and that is forbidden on Google App Engine.

I also tried to do user.getSession().setTimeout(timeoutValue * 1000) immediately after user logs in (with ServletContainerSessionManager active), but that seems to have no effect. httpServletRequest.getSession().setMaxInactiveInterval(timeoutValue) didn't work either.

Any suggestions? There must be a way to set session cookie timeout on GAE using Shiro...


Regards,
Harshdeep S Jawanda

On 13 March 2017 at 20:22, Brian Demers <[hidden email]> wrote:
If you are using a shiro.ini the property would be:
securityManager.sessionManager.sessionIdCookie.maxAge = <int>

Otherwise you can traverse your beans, something like: sessionManger.getSessionIdCookie().setMaxAge(<int>)

On Mon, Mar 13, 2017 at 12:41 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Hi,

I wondered if anybody could help me with setting the session cookie lifetime for Shiro on GAE.

I tried with DefaultWebSessionManager but I get an AccessControlException:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")

Tried org.apache.shiro.session.Session#setTimeout(432000 * 1000) but that doesn't work either. The JSESSIONID cookie continues to show an Expires value of "At end of session".

Regards,
Harshdeep S Jawanda


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Brian Demers
Can you post the stacktraces ?


On Tue, Mar 14, 2017 at 3:36 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Initially I was not explicitly setting the session manager in my shiro.ini, so it defaults to ServletContainerSessionManager. ServletContainerSessionManager doesn't have a sessionIdCookie property, so I get the NoSuchMethodException exception during startup (if I use securityManager.sessionManager.sessionIdCookie.maxAge in shiro.ini).

If I try to explicitly set the session manager to DefaultWebSessionManager in shiro.ini, I get the previously mentioned AccessControlException, which, as far as I can make out, is because DefaultWebSessionManager must be trying to write to disk, and that is forbidden on Google App Engine.

I also tried to do user.getSession().setTimeout(timeoutValue * 1000) immediately after user logs in (with ServletContainerSessionManager active), but that seems to have no effect. httpServletRequest.getSession().setMaxInactiveInterval(timeoutValue) didn't work either.

Any suggestions? There must be a way to set session cookie timeout on GAE using Shiro...


Regards,
Harshdeep S Jawanda

On 13 March 2017 at 20:22, Brian Demers <[hidden email]> wrote:
If you are using a shiro.ini the property would be:
securityManager.sessionManager.sessionIdCookie.maxAge = <int>

Otherwise you can traverse your beans, something like: sessionManger.getSessionIdCookie().setMaxAge(<int>)

On Mon, Mar 13, 2017 at 12:41 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Hi,

I wondered if anybody could help me with setting the session cookie lifetime for Shiro on GAE.

I tried with DefaultWebSessionManager but I get an AccessControlException:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")

Tried org.apache.shiro.session.Session#setTimeout(432000 * 1000) but that doesn't work either. The JSESSIONID cookie continues to show an Expires value of "At end of session".

Regards,
Harshdeep S Jawanda



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Harshdeep S Jawanda
This is from when I set the session manager to DefaultWebSessionManager (happens during server startup):

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)


The following is the exception when using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543} org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544) at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167) at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46) at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123) at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47) at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203) at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99) at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40) at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221) at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133) at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58) at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548) at org.mortbay.jetty.servlet.Context.startContext(Context.java:136) at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250) at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517) at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager' at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257) at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808) at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884) at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931) at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498) at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251) ... 39 more



Regards,
Harshdeep S Jawanda

On 14 March 2017 at 20:51, Brian Demers <[hidden email]> wrote:
Can you post the stacktraces ?


On Tue, Mar 14, 2017 at 3:36 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Initially I was not explicitly setting the session manager in my shiro.ini, so it defaults to ServletContainerSessionManager. ServletContainerSessionManager doesn't have a sessionIdCookie property, so I get the NoSuchMethodException exception during startup (if I use securityManager.sessionManager.sessionIdCookie.maxAge in shiro.ini).

If I try to explicitly set the session manager to DefaultWebSessionManager in shiro.ini, I get the previously mentioned AccessControlException, which, as far as I can make out, is because DefaultWebSessionManager must be trying to write to disk, and that is forbidden on Google App Engine.

I also tried to do user.getSession().setTimeout(timeoutValue * 1000) immediately after user logs in (with ServletContainerSessionManager active), but that seems to have no effect. httpServletRequest.getSession().setMaxInactiveInterval(timeoutValue) didn't work either.

Any suggestions? There must be a way to set session cookie timeout on GAE using Shiro...


Regards,
Harshdeep S Jawanda

On 13 March 2017 at 20:22, Brian Demers <[hidden email]> wrote:
If you are using a shiro.ini the property would be:
securityManager.sessionManager.sessionIdCookie.maxAge = <int>

Otherwise you can traverse your beans, something like: sessionManger.getSessionIdCookie().setMaxAge(<int>)

On Mon, Mar 13, 2017 at 12:41 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Hi,

I wondered if anybody could help me with setting the session cookie lifetime for Shiro on GAE.

I tried with DefaultWebSessionManager but I get an AccessControlException:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")

Tried org.apache.shiro.session.Session#setTimeout(432000 * 1000) but that doesn't work either. The JSESSIONID cookie continues to show an Expires value of "At end of session".

Regards,
Harshdeep S Jawanda




Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Harshdeep S Jawanda
Second try...

When using DefaultWebSessionManager:

Uncaught exception from servlet
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484)
    at java.security.AccessController.checkPermission(AccessController.java:698)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136)
    at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315)
    at java.lang.Thread.init(Thread.java:391)
    at java.lang.Thread.init(Thread.java:349)
    at java.lang.Thread.<init>(Thread.java:461)
    at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87)
    at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600)
    at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943)
    at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635)
    at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307)
    at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566)
    at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695)
    at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100)
    at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
    at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
    at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
    at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238)
    at java.lang.Thread.run(Thread.java:745)

When using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543}
org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203)
    at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99)
    at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92)
    at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45)
    at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40)
    at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221)
    at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133)
    at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58)
    at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548)
    at org.mortbay.jetty.servlet.Context.startContext(Context.java:136)
    at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
    at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517)
    at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238)
    at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager'
    at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257)
    at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808)
    at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884)
    at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931)
    at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498)
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251)
    ... 39 more


Regards,
Harshdeep S Jawanda

On 14 March 2017 at 21:23, Harshdeep S Jawanda <[hidden email]> wrote:
This is from when I set the session manager to DefaultWebSessionManager (happens during server startup):

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)


The following is the exception when using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543} org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544) at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167) at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46) at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123) at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47) at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203) at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99) at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40) at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221) at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133) at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58) at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548) at org.mortbay.jetty.servlet.Context.startContext(Context.java:136) at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250) at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517) at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager' at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257) at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808) at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884) at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931) at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498) at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251) ... 39 more



Regards,
Harshdeep S Jawanda

On 14 March 2017 at 20:51, Brian Demers <[hidden email]> wrote:
Can you post the stacktraces ?


On Tue, Mar 14, 2017 at 3:36 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Initially I was not explicitly setting the session manager in my shiro.ini, so it defaults to ServletContainerSessionManager. ServletContainerSessionManager doesn't have a sessionIdCookie property, so I get the NoSuchMethodException exception during startup (if I use securityManager.sessionManager.sessionIdCookie.maxAge in shiro.ini).

If I try to explicitly set the session manager to DefaultWebSessionManager in shiro.ini, I get the previously mentioned AccessControlException, which, as far as I can make out, is because DefaultWebSessionManager must be trying to write to disk, and that is forbidden on Google App Engine.

I also tried to do user.getSession().setTimeout(timeoutValue * 1000) immediately after user logs in (with ServletContainerSessionManager active), but that seems to have no effect. httpServletRequest.getSession().setMaxInactiveInterval(timeoutValue) didn't work either.

Any suggestions? There must be a way to set session cookie timeout on GAE using Shiro...


Regards,
Harshdeep S Jawanda

On 13 March 2017 at 20:22, Brian Demers <[hidden email]> wrote:
If you are using a shiro.ini the property would be:
securityManager.sessionManager.sessionIdCookie.maxAge = <int>

Otherwise you can traverse your beans, something like: sessionManger.getSessionIdCookie().setMaxAge(<int>)

On Mon, Mar 13, 2017 at 12:41 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Hi,

I wondered if anybody could help me with setting the session cookie lifetime for Shiro on GAE.

I tried with DefaultWebSessionManager but I get an AccessControlException:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")

Tried org.apache.shiro.session.Session#setTimeout(432000 * 1000) but that doesn't work either. The JSESSIONID cookie continues to show an Expires value of "At end of session".

Regards,
Harshdeep S Jawanda





Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Harshdeep S Jawanda
Do the stack traces give you any idea?

Sent from my Moto X2

On 14-Mar-2017 21:31, "Harshdeep S Jawanda" <[hidden email]> wrote:
Second try...

When using DefaultWebSessionManager:

Uncaught exception from servlet
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484)
    at java.security.AccessController.checkPermission(AccessController.java:698)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136)
    at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315)
    at java.lang.Thread.init(Thread.java:391)
    at java.lang.Thread.init(Thread.java:349)
    at java.lang.Thread.<init>(Thread.java:461)
    at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87)
    at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600)
    at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943)
    at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635)
    at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307)
    at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566)
    at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695)
    at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100)
    at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
    at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
    at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
    at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238)
    at java.lang.Thread.run(Thread.java:745)

When using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543}
org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203)
    at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99)
    at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92)
    at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45)
    at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40)
    at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221)
    at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133)
    at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58)
    at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548)
    at org.mortbay.jetty.servlet.Context.startContext(Context.java:136)
    at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
    at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517)
    at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238)
    at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager'
    at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257)
    at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808)
    at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884)
    at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931)
    at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498)
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251)
    ... 39 more


Regards,
Harshdeep S Jawanda

On 14 March 2017 at 21:23, Harshdeep S Jawanda <[hidden email]> wrote:
This is from when I set the session manager to DefaultWebSessionManager (happens during server startup):

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)


The following is the exception when using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543} org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544) at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167) at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46) at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123) at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47) at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203) at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99) at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40) at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221) at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133) at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58) at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548) at org.mortbay.jetty.servlet.Context.startContext(Context.java:136) at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250) at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517) at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager' at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257) at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808) at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884) at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931) at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498) at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251) ... 39 more



Regards,
Harshdeep S Jawanda

On 14 March 2017 at 20:51, Brian Demers <[hidden email]> wrote:
Can you post the stacktraces ?


On Tue, Mar 14, 2017 at 3:36 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Initially I was not explicitly setting the session manager in my shiro.ini, so it defaults to ServletContainerSessionManager. ServletContainerSessionManager doesn't have a sessionIdCookie property, so I get the NoSuchMethodException exception during startup (if I use securityManager.sessionManager.sessionIdCookie.maxAge in shiro.ini).

If I try to explicitly set the session manager to DefaultWebSessionManager in shiro.ini, I get the previously mentioned AccessControlException, which, as far as I can make out, is because DefaultWebSessionManager must be trying to write to disk, and that is forbidden on Google App Engine.

I also tried to do user.getSession().setTimeout(timeoutValue * 1000) immediately after user logs in (with ServletContainerSessionManager active), but that seems to have no effect. httpServletRequest.getSession().setMaxInactiveInterval(timeoutValue) didn't work either.

Any suggestions? There must be a way to set session cookie timeout on GAE using Shiro...


Regards,
Harshdeep S Jawanda

On 13 March 2017 at 20:22, Brian Demers <[hidden email]> wrote:
If you are using a shiro.ini the property would be:
securityManager.sessionManager.sessionIdCookie.maxAge = <int>

Otherwise you can traverse your beans, something like: sessionManger.getSessionIdCookie().setMaxAge(<int>)

On Mon, Mar 13, 2017 at 12:41 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Hi,

I wondered if anybody could help me with setting the session cookie lifetime for Shiro on GAE.

I tried with DefaultWebSessionManager but I get an AccessControlException:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")

Tried org.apache.shiro.session.Session#setTimeout(432000 * 1000) but that doesn't work either. The JSESSIONID cookie continues to show an Expires value of "At end of session".

Regards,
Harshdeep S Jawanda





Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Brian Demers
The formatting of the stacktraces is missing in the email, making it difficult to read.
Can you reformat it, or use a Github gist ?

On Tue, Mar 14, 2017 at 1:34 PM, Harshdeep S Jawanda <[hidden email]> wrote:
Do the stack traces give you any idea?

Sent from my Moto X2

On 14-Mar-2017 21:31, "Harshdeep S Jawanda" <[hidden email]> wrote:
Second try...

When using DefaultWebSessionManager:

Uncaught exception from servlet
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484)
    at java.security.AccessController.checkPermission(AccessController.java:698)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136)
    at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315)
    at java.lang.Thread.init(Thread.java:391)
    at java.lang.Thread.init(Thread.java:349)
    at java.lang.Thread.<init>(Thread.java:461)
    at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87)
    at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600)
    at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943)
    at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635)
    at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307)
    at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566)
    at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695)
    at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100)
    at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
    at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
    at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
    at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238)
    at java.lang.Thread.run(Thread.java:745)

When using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543}
org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203)
    at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99)
    at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92)
    at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45)
    at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40)
    at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221)
    at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133)
    at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58)
    at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548)
    at org.mortbay.jetty.servlet.Context.startContext(Context.java:136)
    at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
    at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517)
    at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238)
    at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager'
    at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257)
    at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808)
    at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884)
    at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931)
    at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498)
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251)
    ... 39 more


Regards,
Harshdeep S Jawanda

On 14 March 2017 at 21:23, Harshdeep S Jawanda <[hidden email]> wrote:
This is from when I set the session manager to DefaultWebSessionManager (happens during server startup):

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)


The following is the exception when using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543} org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544) at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167) at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46) at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123) at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47) at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203) at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99) at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40) at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221) at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133) at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58) at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548) at org.mortbay.jetty.servlet.Context.startContext(Context.java:136) at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250) at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517) at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager' at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257) at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808) at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884) at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931) at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498) at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251) ... 39 more



Regards,
Harshdeep S Jawanda

On 14 March 2017 at 20:51, Brian Demers <[hidden email]> wrote:
Can you post the stacktraces ?


On Tue, Mar 14, 2017 at 3:36 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Initially I was not explicitly setting the session manager in my shiro.ini, so it defaults to ServletContainerSessionManager. ServletContainerSessionManager doesn't have a sessionIdCookie property, so I get the NoSuchMethodException exception during startup (if I use securityManager.sessionManager.sessionIdCookie.maxAge in shiro.ini).

If I try to explicitly set the session manager to DefaultWebSessionManager in shiro.ini, I get the previously mentioned AccessControlException, which, as far as I can make out, is because DefaultWebSessionManager must be trying to write to disk, and that is forbidden on Google App Engine.

I also tried to do user.getSession().setTimeout(timeoutValue * 1000) immediately after user logs in (with ServletContainerSessionManager active), but that seems to have no effect. httpServletRequest.getSession().setMaxInactiveInterval(timeoutValue) didn't work either.

Any suggestions? There must be a way to set session cookie timeout on GAE using Shiro...


Regards,
Harshdeep S Jawanda

On 13 March 2017 at 20:22, Brian Demers <[hidden email]> wrote:
If you are using a shiro.ini the property would be:
securityManager.sessionManager.sessionIdCookie.maxAge = <int>

Otherwise you can traverse your beans, something like: sessionManger.getSessionIdCookie().setMaxAge(<int>)

On Mon, Mar 13, 2017 at 12:41 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Hi,

I wondered if anybody could help me with setting the session cookie lifetime for Shiro on GAE.

I tried with DefaultWebSessionManager but I get an AccessControlException:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")

Tried org.apache.shiro.session.Session#setTimeout(432000 * 1000) but that doesn't work either. The JSESSIONID cookie continues to show an Expires value of "At end of session".

Regards,
Harshdeep S Jawanda






Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Harshdeep S Jawanda
I had sent another, re-formatted email immediately afterwards when I realized that the formatting hadn't gone through correctly (without proper linebreaks, stacktraces are impossible to read!), but anyway, here are a couple of gists:


Regards,
Harshdeep S Jawanda

On 16 March 2017 at 01:26, Brian Demers <[hidden email]> wrote:
The formatting of the stacktraces is missing in the email, making it difficult to read.
Can you reformat it, or use a Github gist ?

On Tue, Mar 14, 2017 at 1:34 PM, Harshdeep S Jawanda <[hidden email]> wrote:
Do the stack traces give you any idea?

Sent from my Moto X2

On 14-Mar-2017 21:31, "Harshdeep S Jawanda" <[hidden email]> wrote:
Second try...

When using DefaultWebSessionManager:

Uncaught exception from servlet
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484)
    at java.security.AccessController.checkPermission(AccessController.java:698)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136)
    at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315)
    at java.lang.Thread.init(Thread.java:391)
    at java.lang.Thread.init(Thread.java:349)
    at java.lang.Thread.<init>(Thread.java:461)
    at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87)
    at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600)
    at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943)
    at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635)
    at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307)
    at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566)
    at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695)
    at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100)
    at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
    at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
    at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
    at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238)
    at java.lang.Thread.run(Thread.java:745)

When using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543}
org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203)
    at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99)
    at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92)
    at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45)
    at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40)
    at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221)
    at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133)
    at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58)
    at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548)
    at org.mortbay.jetty.servlet.Context.startContext(Context.java:136)
    at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
    at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517)
    at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238)
    at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager'
    at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257)
    at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808)
    at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884)
    at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931)
    at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498)
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251)
    ... 39 more


Regards,
Harshdeep S Jawanda

On 14 March 2017 at 21:23, Harshdeep S Jawanda <[hidden email]> wrote:
This is from when I set the session manager to DefaultWebSessionManager (happens during server startup):

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)


The following is the exception when using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543} org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544) at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167) at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46) at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123) at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47) at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203) at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99) at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40) at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221) at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133) at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58) at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548) at org.mortbay.jetty.servlet.Context.startContext(Context.java:136) at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250) at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517) at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager' at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257) at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808) at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884) at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931) at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498) at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251) ... 39 more



Regards,
Harshdeep S Jawanda

On 14 March 2017 at 20:51, Brian Demers <[hidden email]> wrote:
Can you post the stacktraces ?


On Tue, Mar 14, 2017 at 3:36 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Initially I was not explicitly setting the session manager in my shiro.ini, so it defaults to ServletContainerSessionManager. ServletContainerSessionManager doesn't have a sessionIdCookie property, so I get the NoSuchMethodException exception during startup (if I use securityManager.sessionManager.sessionIdCookie.maxAge in shiro.ini).

If I try to explicitly set the session manager to DefaultWebSessionManager in shiro.ini, I get the previously mentioned AccessControlException, which, as far as I can make out, is because DefaultWebSessionManager must be trying to write to disk, and that is forbidden on Google App Engine.

I also tried to do user.getSession().setTimeout(timeoutValue * 1000) immediately after user logs in (with ServletContainerSessionManager active), but that seems to have no effect. httpServletRequest.getSession().setMaxInactiveInterval(timeoutValue) didn't work either.

Any suggestions? There must be a way to set session cookie timeout on GAE using Shiro...


Regards,
Harshdeep S Jawanda

On 13 March 2017 at 20:22, Brian Demers <[hidden email]> wrote:
If you are using a shiro.ini the property would be:
securityManager.sessionManager.sessionIdCookie.maxAge = <int>

Otherwise you can traverse your beans, something like: sessionManger.getSessionIdCookie().setMaxAge(<int>)

On Mon, Mar 13, 2017 at 12:41 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Hi,

I wondered if anybody could help me with setting the session cookie lifetime for Shiro on GAE.

I tried with DefaultWebSessionManager but I get an AccessControlException:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")

Tried org.apache.shiro.session.Session#setTimeout(432000 * 1000) but that doesn't work either. The JSESSIONID cookie continues to show an Expires value of "At end of session".

Regards,
Harshdeep S Jawanda







Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Harshdeep S Jawanda
In reply to this post by Brian Demers
Seems my email from 5 minutes ago may not have gotten send properly... strange. Anyway:

When using ServletContainerSessionManager: https://gist.github.com/hsjawanda/711e5ef8cc4ed95138b725f3c3625c74

Regards,
Harshdeep S Jawanda

On 16 March 2017 at 01:26, Brian Demers <[hidden email]> wrote:
The formatting of the stacktraces is missing in the email, making it difficult to read.
Can you reformat it, or use a Github gist ?

On Tue, Mar 14, 2017 at 1:34 PM, Harshdeep S Jawanda <[hidden email]> wrote:
Do the stack traces give you any idea?

Sent from my Moto X2

On 14-Mar-2017 21:31, "Harshdeep S Jawanda" <[hidden email]> wrote:
Second try...

When using DefaultWebSessionManager:

Uncaught exception from servlet
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484)
    at java.security.AccessController.checkPermission(AccessController.java:698)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136)
    at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315)
    at java.lang.Thread.init(Thread.java:391)
    at java.lang.Thread.init(Thread.java:349)
    at java.lang.Thread.<init>(Thread.java:461)
    at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87)
    at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600)
    at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943)
    at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635)
    at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307)
    at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566)
    at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695)
    at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100)
    at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
    at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
    at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
    at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238)
    at java.lang.Thread.run(Thread.java:745)

When using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543}
org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203)
    at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99)
    at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92)
    at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45)
    at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40)
    at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221)
    at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133)
    at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58)
    at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548)
    at org.mortbay.jetty.servlet.Context.startContext(Context.java:136)
    at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
    at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517)
    at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238)
    at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager'
    at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257)
    at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808)
    at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884)
    at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931)
    at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498)
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251)
    ... 39 more


Regards,
Harshdeep S Jawanda

On 14 March 2017 at 21:23, Harshdeep S Jawanda <[hidden email]> wrote:
This is from when I set the session manager to DefaultWebSessionManager (happens during server startup):

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)


The following is the exception when using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543} org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544) at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167) at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46) at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123) at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47) at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203) at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99) at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40) at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221) at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133) at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58) at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548) at org.mortbay.jetty.servlet.Context.startContext(Context.java:136) at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250) at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517) at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager' at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257) at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808) at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884) at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931) at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498) at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251) ... 39 more



Regards,
Harshdeep S Jawanda

On 14 March 2017 at 20:51, Brian Demers <[hidden email]> wrote:
Can you post the stacktraces ?


On Tue, Mar 14, 2017 at 3:36 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Initially I was not explicitly setting the session manager in my shiro.ini, so it defaults to ServletContainerSessionManager. ServletContainerSessionManager doesn't have a sessionIdCookie property, so I get the NoSuchMethodException exception during startup (if I use securityManager.sessionManager.sessionIdCookie.maxAge in shiro.ini).

If I try to explicitly set the session manager to DefaultWebSessionManager in shiro.ini, I get the previously mentioned AccessControlException, which, as far as I can make out, is because DefaultWebSessionManager must be trying to write to disk, and that is forbidden on Google App Engine.

I also tried to do user.getSession().setTimeout(timeoutValue * 1000) immediately after user logs in (with ServletContainerSessionManager active), but that seems to have no effect. httpServletRequest.getSession().setMaxInactiveInterval(timeoutValue) didn't work either.

Any suggestions? There must be a way to set session cookie timeout on GAE using Shiro...


Regards,
Harshdeep S Jawanda

On 13 March 2017 at 20:22, Brian Demers <[hidden email]> wrote:
If you are using a shiro.ini the property would be:
securityManager.sessionManager.sessionIdCookie.maxAge = <int>

Otherwise you can traverse your beans, something like: sessionManger.getSessionIdCookie().setMaxAge(<int>)

On Mon, Mar 13, 2017 at 12:41 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Hi,

I wondered if anybody could help me with setting the session cookie lifetime for Shiro on GAE.

I tried with DefaultWebSessionManager but I get an AccessControlException:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")

Tried org.apache.shiro.session.Session#setTimeout(432000 * 1000) but that doesn't work either. The JSESSIONID cookie continues to show an Expires value of "At end of session".

Regards,
Harshdeep S Jawanda







Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Brian Demers

On Wed, Mar 15, 2017 at 5:19 PM, Harshdeep S Jawanda <[hidden email]> wrote:
Seems my email from 5 minutes ago may not have gotten send properly... strange. Anyway:

When using ServletContainerSessionManager: https://gist.github.com/hsjawanda/711e5ef8cc4ed95138b725f3c3625c74

Regards,
Harshdeep S Jawanda

On 16 March 2017 at 01:26, Brian Demers <[hidden email]> wrote:
The formatting of the stacktraces is missing in the email, making it difficult to read.
Can you reformat it, or use a Github gist ?

On Tue, Mar 14, 2017 at 1:34 PM, Harshdeep S Jawanda <[hidden email]> wrote:
Do the stack traces give you any idea?

Sent from my Moto X2

On 14-Mar-2017 21:31, "Harshdeep S Jawanda" <[hidden email]> wrote:
Second try...

When using DefaultWebSessionManager:

Uncaught exception from servlet
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484)
    at java.security.AccessController.checkPermission(AccessController.java:698)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136)
    at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315)
    at java.lang.Thread.init(Thread.java:391)
    at java.lang.Thread.init(Thread.java:349)
    at java.lang.Thread.<init>(Thread.java:461)
    at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87)
    at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600)
    at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943)
    at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635)
    at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307)
    at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566)
    at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695)
    at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100)
    at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
    at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
    at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
    at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238)
    at java.lang.Thread.run(Thread.java:745)

When using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543}
org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203)
    at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99)
    at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92)
    at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45)
    at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40)
    at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221)
    at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133)
    at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58)
    at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548)
    at org.mortbay.jetty.servlet.Context.startContext(Context.java:136)
    at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
    at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517)
    at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238)
    at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager'
    at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257)
    at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808)
    at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884)
    at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931)
    at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498)
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251)
    ... 39 more


Regards,
Harshdeep S Jawanda

On 14 March 2017 at 21:23, Harshdeep S Jawanda <[hidden email]> wrote:
This is from when I set the session manager to DefaultWebSessionManager (happens during server startup):

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:484) at java.security.AccessController.checkPermission(AccessController.java:698) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:55) at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:136) at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) at java.lang.Thread.init(Thread.java:391) at java.lang.Thread.init(Thread.java:349) at java.lang.Thread.<init>(Thread.java:461) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler$1.newThread(ExecutorServiceSessionValidationScheduler.java:87) at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:600) at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:943) at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1635) at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:307) at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:566) at java.util.concurrent.Executors$DelegatedScheduledExecutorService.scheduleAtFixedRate(Executors.java:695) at org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler.enableSessionValidation(ExecutorServiceSessionValidationScheduler.java:92) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidation(AbstractValidatingSessionManager.java:232) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.enableSessionValidationIfNecessary(AbstractValidatingSessionManager.java:86) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:114) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.googlecode.objectify.ObjectifyFilter.doFilter(ObjectifyFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:48) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:257) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:145) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745)


The following is the exception when using ServletContainerSessionManager:

Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@6ea1bf09{/,/base/data/home/apps/s~hsjplowns/0-7-3-hp-perf1.399822149927584543} org.apache.shiro.config.ConfigurationException: Unable to determine if property [sessionManager.sessionIdCookie.maxAge] represents a java.util.Set at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:264) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544) at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206) at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167) at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:161) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:124) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:102) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:88) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46) at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123) at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47) at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203) at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99) at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45) at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40) at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221) at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133) at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58) at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548) at org.mortbay.jetty.servlet.Context.startContext(Context.java:136) at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250) at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517) at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:203) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:176) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:133) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:559) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:519) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:489) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:453) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:460) at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:293) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:319) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:311) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:457) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:238) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoSuchMethodException: Unknown property 'sessionIdCookie' on class 'class org.apache.shiro.web.session.mgt.ServletContainerSessionManager' at org.apache.commons.beanutils.PropertyUtilsBean.getSimpleProperty(PropertyUtilsBean.java:1257) at org.apache.commons.beanutils.PropertyUtilsBean.getNestedProperty(PropertyUtilsBean.java:808) at org.apache.commons.beanutils.PropertyUtilsBean.getProperty(PropertyUtilsBean.java:884) at org.apache.commons.beanutils.PropertyUtilsBean.getPropertyDescriptor(PropertyUtilsBean.java:931) at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(PropertyUtils.java:498) at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:251) ... 39 more



Regards,
Harshdeep S Jawanda

On 14 March 2017 at 20:51, Brian Demers <[hidden email]> wrote:
Can you post the stacktraces ?


On Tue, Mar 14, 2017 at 3:36 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Initially I was not explicitly setting the session manager in my shiro.ini, so it defaults to ServletContainerSessionManager. ServletContainerSessionManager doesn't have a sessionIdCookie property, so I get the NoSuchMethodException exception during startup (if I use securityManager.sessionManager.sessionIdCookie.maxAge in shiro.ini).

If I try to explicitly set the session manager to DefaultWebSessionManager in shiro.ini, I get the previously mentioned AccessControlException, which, as far as I can make out, is because DefaultWebSessionManager must be trying to write to disk, and that is forbidden on Google App Engine.

I also tried to do user.getSession().setTimeout(timeoutValue * 1000) immediately after user logs in (with ServletContainerSessionManager active), but that seems to have no effect. httpServletRequest.getSession().setMaxInactiveInterval(timeoutValue) didn't work either.

Any suggestions? There must be a way to set session cookie timeout on GAE using Shiro...


Regards,
Harshdeep S Jawanda

On 13 March 2017 at 20:22, Brian Demers <[hidden email]> wrote:
If you are using a shiro.ini the property would be:
securityManager.sessionManager.sessionIdCookie.maxAge = <int>

Otherwise you can traverse your beans, something like: sessionManger.getSessionIdCookie().setMaxAge(<int>)

On Mon, Mar 13, 2017 at 12:41 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Hi,

I wondered if anybody could help me with setting the session cookie lifetime for Shiro on GAE.

I tried with DefaultWebSessionManager but I get an AccessControlException:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")

Tried org.apache.shiro.session.Session#setTimeout(432000 * 1000) but that doesn't work either. The JSESSIONID cookie continues to show an Expires value of "At end of session".

Regards,
Harshdeep S Jawanda








Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Harshdeep S Jawanda

On 16 March 2017 at 19:41, Brian Demers <[hidden email]> wrote:


​And that should solve my problems when using DefaultWebSessionManager?​

Regards,
Harshdeep S Jawanda
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Brian Demers
It should, give it a shot

On Thu, Mar 16, 2017 at 10:49 AM, Harshdeep S Jawanda <[hidden email]> wrote:

On 16 March 2017 at 19:41, Brian Demers <[hidden email]> wrote:


​And that should solve my problems when using DefaultWebSessionManager?​

Regards,
Harshdeep S Jawanda

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Harshdeep S Jawanda
It does stop the exception from happening (a million thanks!!!), but now there's a new issue: the redirection post -login (which was successful: the correct username is printed in the logs) isn't working properly.

Browser gives the message that the website is not redirecting properly. The post-redirect URL (in browser's location bar) looks like: example.com//;JSESSIONID=xyz (in this case it's supposed to redirect back to homepage). I think it's the "//" part that might be causing the problem.

Investigating...

Sent from my Moto X2

On 16-Mar-2017 20:37, "Brian Demers" <[hidden email]> wrote:
It should, give it a shot

On Thu, Mar 16, 2017 at 10:49 AM, Harshdeep S Jawanda <[hidden email]> wrote:

On 16 March 2017 at 19:41, Brian Demers <[hidden email]> wrote:


​And that should solve my problems when using DefaultWebSessionManager?​

Regards,
Harshdeep S Jawanda


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Harshdeep S Jawanda
Btw, per my browser's settings, it does allow cookies.

Sent from my Moto X2

On 16-Mar-2017 21:11, "Harshdeep S Jawanda" <[hidden email]> wrote:
It does stop the exception from happening (a million thanks!!!), but now there's a new issue: the redirection post -login (which was successful: the correct username is printed in the logs) isn't working properly.

Browser gives the message that the website is not redirecting properly. The post-redirect URL (in browser's location bar) looks like: example.com//;JSESSIONID=xyz (in this case it's supposed to redirect back to homepage). I think it's the "//" part that might be causing the problem.

Investigating...

Sent from my Moto X2

On 16-Mar-2017 20:37, "Brian Demers" <[hidden email]> wrote:
It should, give it a shot

On Thu, Mar 16, 2017 at 10:49 AM, Harshdeep S Jawanda <[hidden email]> wrote:

On 16 March 2017 at 19:41, Brian Demers <[hidden email]> wrote:


​And that should solve my problems when using DefaultWebSessionManager?​

Regards,
Harshdeep S Jawanda


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Brian Demers
I usually have url rewriting turned off due to session fixation, but if you put a simple sample together, i bet we can help you out.

On Thu, Mar 16, 2017 at 11:42 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Btw, per my browser's settings, it does allow cookies.

Sent from my Moto X2

On 16-Mar-2017 21:11, "Harshdeep S Jawanda" <[hidden email]> wrote:
It does stop the exception from happening (a million thanks!!!), but now there's a new issue: the redirection post -login (which was successful: the correct username is printed in the logs) isn't working properly.

Browser gives the message that the website is not redirecting properly. The post-redirect URL (in browser's location bar) looks like: example.com//;JSESSIONID=xyz (in this case it's supposed to redirect back to homepage). I think it's the "//" part that might be causing the problem.

Investigating...

Sent from my Moto X2

On 16-Mar-2017 20:37, "Brian Demers" <[hidden email]> wrote:
It should, give it a shot

On Thu, Mar 16, 2017 at 10:49 AM, Harshdeep S Jawanda <[hidden email]> wrote:

On 16 March 2017 at 19:41, Brian Demers <[hidden email]> wrote:


​And that should solve my problems when using DefaultWebSessionManager?​

Regards,
Harshdeep S Jawanda



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Harshdeep S Jawanda
The issue seems to have magically resolved itself: can't reproduce it.

In general, do I need to set the max age of both the cookie and the session, or is it enough to set the max age of the cookie?

Thanks you so much for your help!!

Regards,
Harshdeep S Jawanda

On 16 March 2017 at 21:29, Brian Demers <[hidden email]> wrote:
I usually have url rewriting turned off due to session fixation, but if you put a simple sample together, i bet we can help you out.

On Thu, Mar 16, 2017 at 11:42 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Btw, per my browser's settings, it does allow cookies.

Sent from my Moto X2

On 16-Mar-2017 21:11, "Harshdeep S Jawanda" <[hidden email]> wrote:
It does stop the exception from happening (a million thanks!!!), but now there's a new issue: the redirection post -login (which was successful: the correct username is printed in the logs) isn't working properly.

Browser gives the message that the website is not redirecting properly. The post-redirect URL (in browser's location bar) looks like: example.com//;JSESSIONID=xyz (in this case it's supposed to redirect back to homepage). I think it's the "//" part that might be causing the problem.

Investigating...

Sent from my Moto X2

On 16-Mar-2017 20:37, "Brian Demers" <[hidden email]> wrote:
It should, give it a shot

On Thu, Mar 16, 2017 at 10:49 AM, Harshdeep S Jawanda <[hidden email]> wrote:

On 16 March 2017 at 19:41, Brian Demers <[hidden email]> wrote:


​And that should solve my problems when using DefaultWebSessionManager?​

Regards,
Harshdeep S Jawanda




Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Setting login expiry for Shiro on GAE

Brian Demers
You can set them both.  The session timeout refers to the interval between requests (default to 30 min).  So if a user doesn't make a request for 30 min the session becomes inactive.

The cookie timeout is how long the cookie should live on the client (defaults to when the browser closes).

If a user does NOT make a request in 30 minute, the cookie would be removed, and user redirected to the login page.



On Thu, Mar 16, 2017 at 12:27 PM, Harshdeep S Jawanda <[hidden email]> wrote:
The issue seems to have magically resolved itself: can't reproduce it.

In general, do I need to set the max age of both the cookie and the session, or is it enough to set the max age of the cookie?

Thanks you so much for your help!!

Regards,
Harshdeep S Jawanda

On 16 March 2017 at 21:29, Brian Demers <[hidden email]> wrote:
I usually have url rewriting turned off due to session fixation, but if you put a simple sample together, i bet we can help you out.

On Thu, Mar 16, 2017 at 11:42 AM, Harshdeep S Jawanda <[hidden email]> wrote:
Btw, per my browser's settings, it does allow cookies.

Sent from my Moto X2

On 16-Mar-2017 21:11, "Harshdeep S Jawanda" <[hidden email]> wrote:
It does stop the exception from happening (a million thanks!!!), but now there's a new issue: the redirection post -login (which was successful: the correct username is printed in the logs) isn't working properly.

Browser gives the message that the website is not redirecting properly. The post-redirect URL (in browser's location bar) looks like: example.com//;JSESSIONID=xyz (in this case it's supposed to redirect back to homepage). I think it's the "//" part that might be causing the problem.

Investigating...

Sent from my Moto X2

On 16-Mar-2017 20:37, "Brian Demers" <[hidden email]> wrote:
It should, give it a shot

On Thu, Mar 16, 2017 at 10:49 AM, Harshdeep S Jawanda <[hidden email]> wrote:

On 16 March 2017 at 19:41, Brian Demers <[hidden email]> wrote:


​And that should solve my problems when using DefaultWebSessionManager?​

Regards,
Harshdeep S Jawanda





Loading...