session inactivity time is a configurable parameter

289eff0e · Piotr Gawron · 1bdd52fc · 289eff0e · 289eff0e · 289eff0e
Commit 289eff0e authored 6 years ago by Piotr Gawron
--- a/commons/src/main/java/lcsb/mapviewer/common/Configuration.java
+++ b/commons/src/main/java/lcsb/mapviewer/common/Configuration.java
@@ -100,6 +100,11 @@ public final class Configuration {
   */
  public static final String ANONYMOUS_LOGIN = "anonymous";

+  /**
+   * Max session length in seconds.
+   */
+  private static int sessionLength = 60 * 120;
+
  /**
   * Should the application cache be turned on.
   */
@@ -425,4 +430,12 @@ public final class Configuration {
    return result;
  }

+  public static int getSessionLength() {
+    return sessionLength;
+  }
+
+  public static void setSessionLength(int sessionLength) {
+    Configuration.sessionLength = sessionLength;
+  }
+
 }
--- a/model/src/main/java/lcsb/mapviewer/model/user/ConfigurationElementType.java
+++ b/model/src/main/java/lcsb/mapviewer/model/user/ConfigurationElementType.java
@@ -285,6 +285,9 @@ public enum ConfigurationElementType {
  SHOW_ELEMENT_ANNOTATIONS("Show element annotations", "true", ConfigurationElementEditType.BOOLEAN, false,
      ConfigurationElementTypeGroup.SEARCH_VISIBLE_PARAMETERS),

+  SESSION_LENGTH("Max session inactivity time (in seconds)", "7200", ConfigurationElementEditType.INTEGER, false,
+      ConfigurationElementTypeGroup.SERVER_CONFIGURATION), //
+

  ;


--- a/rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java
@@ -70,6 +70,8 @@ public class UserController extends BaseController {
      Authentication authentication = this.authenticationProvider.authenticate(springToken);
      SecurityContextHolder.getContext().setAuthentication(authentication);

+      request.getSession().setMaxInactiveInterval(Configuration.getSessionLength());
+
      userService.login(login, password, request.getSession().getId());

      Map<String, Object> result = new TreeMap<>();

--- a/service/src/main/java/lcsb/mapviewer/services/impl/ConfigurationService.java
+++ b/service/src/main/java/lcsb/mapviewer/services/impl/ConfigurationService.java
@@ -4,12 +4,15 @@ import java.util.ArrayList;
 import java.util.List;

 import org.apache.commons.lang3.EnumUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;

 import lcsb.mapviewer.common.Configuration;
 import lcsb.mapviewer.common.FrameworkVersion;
+import lcsb.mapviewer.common.exception.InvalidArgumentException;
+import lcsb.mapviewer.model.user.ConfigurationElementEditType;
 import lcsb.mapviewer.model.user.ConfigurationElementType;
 import lcsb.mapviewer.model.user.ConfigurationOption;
 import lcsb.mapviewer.model.user.PrivilegeType;
@@ -62,6 +65,11 @@ public class ConfigurationService implements IConfigurationService {
      configuration = new ConfigurationOption();
      configuration.setType(type);
    }
+    if (type.getEditType().equals(ConfigurationElementEditType.INTEGER)) {
+      if (!StringUtils.isNumeric(value)) {
+        throw new InvalidArgumentException(type + " must be an integer");
+      }
+    }
    configuration.setValue(value);
    configurationDao.add(configuration);

@@ -70,6 +78,8 @@ public class ConfigurationService implements IConfigurationService {
      for (String domain : getConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN).split(";")) {
        Configuration.getxFrameDomain().add(domain);
      }
+    } else if (type.equals(ConfigurationElementType.SESSION_LENGTH)) {
+      Configuration.setSessionLength(Integer.valueOf(value));
    }
  }


--- a/web/src/main/java/lcsb/mapviewer/bean/utils/StartupBean.java
+++ b/web/src/main/java/lcsb/mapviewer/bean/utils/StartupBean.java
@@ -76,10 +76,21 @@ public class StartupBean {

    setInterruptedProjectsStatuses();
    modifyXFrameDomain();
+    setSessionLength();
    removeInterruptedReferenceGenomeDownloads();
    logger.debug("Application startup script ends");
  }

+  private void setSessionLength() {
+    try {
+      String sessionLength = configurationService.getConfigurationValue(ConfigurationElementType.SESSION_LENGTH);
+      Integer value = Integer.valueOf(sessionLength);
+      Configuration.setSessionLength(value);
+    } catch (Exception e) {
+      logger.error("Problem with setting default session length.", e);
+    }
+  }
+
  private void modifyXFrameDomain() {
    try {
      for (String domain : configurationService.getConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN)

--- a/web/src/main/java/lcsb/mapviewer/bean/utils/XFrameAccessControlFilter.java
+++ b/web/src/main/java/lcsb/mapviewer/bean/utils/XFrameAccessControlFilter.java
@@ -45,7 +45,7 @@ public class XFrameAccessControlFilter implements Filter {
        value += domain + " ";
      }
    }
-    
+
    if (!value.equals("frame-ancestors ")) {
      response.addHeader("Content-Security-Policy", value);
    } else {

--- a/web/src/main/java/lcsb/mapviewer/security/MvAuthenticationSuccessHandler.java
+++ b/web/src/main/java/lcsb/mapviewer/security/MvAuthenticationSuccessHandler.java
@@ -6,13 +6,13 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

-import lcsb.mapviewer.common.Configuration;
-
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 import org.springframework.security.web.savedrequest.SavedRequest;

+import lcsb.mapviewer.common.Configuration;
+
 /**
 * Implementation of Spring Authentication Success Handler. When authentication
 * is success, it will redirect user to the web page that had accessed before
@@ -22,27 +22,20 @@ import org.springframework.security.web.savedrequest.SavedRequest;
 */

 public class MvAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
-  /**
-   * Default session expire time in seconds (120 minutes).
-   */
-  private static final Integer MAX_INACTIVE_INTERVAL = 120 * 60;

  @Override
-  public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException,
-          ServletException {
-
-    request.getSession().setMaxInactiveInterval(MAX_INACTIVE_INTERVAL);
+  public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+      Authentication authentication) throws IOException, ServletException {

    SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
    String url = request.getParameter("from");

-
    // if we are not redirecting from somewhere then
    if ((url != null && !url.isEmpty())) {
      logger.debug("Found redirect URL");
    } else if (savedRequest == null) {
      logger.debug(request.getRequestURL());
-      //redirect to the main page
+      // redirect to the main page
      url = request.getRequestURL().toString().replace(request.getServletPath(), "") + Configuration.MAIN_PAGE;

      String queryString = request.getQueryString();