Commit 289eff0e authored by Piotr Gawron's avatar Piotr Gawron

session inactivity time is a configurable parameter

parent 1bdd52fc
......@@ -100,6 +100,11 @@ public final class Configuration {
*/
public static final String ANONYMOUS_LOGIN = "anonymous";
/**
* Max session length in seconds.
*/
private static int sessionLength = 60 * 120;
/**
* Should the application cache be turned on.
*/
......@@ -425,4 +430,12 @@ public final class Configuration {
return result;
}
public static int getSessionLength() {
return sessionLength;
}
public static void setSessionLength(int sessionLength) {
Configuration.sessionLength = sessionLength;
}
}
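Review bot: `setSessionLength` stores any int, and UserController passes that value straight to `setMaxInactiveInterval`; the Servlet API treats a zero or negative interval as "never time out", so a configured `0` silently switches the inactivity limit off. A guard in the setter would cover both callers shown on this page (ConfigurationService and StartupBean): `if (sessionLength <= 0) { throw new IllegalArgumentException("session length must be positive: " + sessionLength); }`. The field is written by those callers and read while handling login requests without any synchronization, so declaring it `private static volatile int sessionLength = 60 * 120;` would make an updated value reliably visible. The new accessors have no Javadoc, and the field comment says "Max session length" although the value is used as an idle timeout rather than an absolute lifetime; `/** Idle time in seconds after which a session expires. */` would match how it is used.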
......@@ -285,6 +285,9 @@ public enum ConfigurationElementType {
SHOW_ELEMENT_ANNOTATIONS("Show element annotations", "true", ConfigurationElementEditType.BOOLEAN, false,
ConfigurationElementTypeGroup.SEARCH_VISIBLE_PARAMETERS),
SESSION_LENGTH("Max session inactivity time (in seconds)", "7200", ConfigurationElementEditType.INTEGER, false,
ConfigurationElementTypeGroup.SERVER_CONFIGURATION), //
;
......
......@@ -70,6 +70,8 @@ public class UserController extends BaseController {
Authentication authentication = this.authenticationProvider.authenticate(springToken);
SecurityContextHolder.getContext().setAuthentication(authentication);
request.getSession().setMaxInactiveInterval(Configuration.getSessionLength());
userService.login(login, password, request.getSession().getId());
Map<String, Object> result = new TreeMap<>();
......
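Review bot: The session that receives the new timeout in `request.getSession().setMaxInactiveInterval(...)` is the one that existed before `authenticate(...)` ran, and nothing in the visible lines issues a new session identifier once the login succeeds. Unless the filter chain or the part of the method outside this hunk already does so, calling `request.changeSessionId();` (Servlet 3.1+) before the timeout is set and before the id is handed to `userService.login(...)` would bind the authenticated state to a fresh id. The interval is also copied into the session at login time, so a later change of SESSION_LENGTH only affects sessions created afterwards; a one-line comment saying so would help operators. The method starts and ends outside the hunk.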
......@@ -4,12 +4,15 @@ import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang3.EnumUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;
import lcsb.mapviewer.common.Configuration;
import lcsb.mapviewer.common.FrameworkVersion;
import lcsb.mapviewer.common.exception.InvalidArgumentException;
import lcsb.mapviewer.model.user.ConfigurationElementEditType;
import lcsb.mapviewer.model.user.ConfigurationElementType;
import lcsb.mapviewer.model.user.ConfigurationOption;
import lcsb.mapviewer.model.user.PrivilegeType;
......@@ -62,6 +65,11 @@ public class ConfigurationService implements IConfigurationService {
configuration = new ConfigurationOption();
configuration.setType(type);
}
if (type.getEditType().equals(ConfigurationElementEditType.INTEGER)) {
if (!StringUtils.isNumeric(value)) {
throw new InvalidArgumentException(type + " must be an integer");
}
}
configuration.setValue(value);
configurationDao.add(configuration);
......@@ -70,6 +78,8 @@ public class ConfigurationService implements IConfigurationService {
for (String domain : getConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN).split(";")) {
Configuration.getxFrameDomain().add(domain);
}
} else if (type.equals(ConfigurationElementType.SESSION_LENGTH)) {
Configuration.setSessionLength(Integer.valueOf(value));
}
}
......
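Review bot: `StringUtils.isNumeric(value)` only proves the string consists of digits, so a digit string too long for an int passes the new check, is handed to `configurationDao.add(configuration)`, and only then fails with `NumberFormatException` at `Integer.valueOf(value)` in the SESSION_LENGTH branch. Whether the stored row is rolled back depends on transaction settings that are not visible here. Parsing the value before it is persisted, and rejecting `0` for SESSION_LENGTH (a zero interval means the session never expires under the Servlet API), keeps the stored setting and the in-memory one consistent. Both hunks sit inside a method whose start is outside the view.

```java
if (type.getEditType().equals(ConfigurationElementEditType.INTEGER)) {
  // … unchanged: StringUtils.isNumeric check …
  try {
    // digits only is not enough: the value must also fit in an int
    Integer.parseInt(value);
  } catch (NumberFormatException e) {
    throw new InvalidArgumentException(type + " is too large for an integer");
  }
}
if (type.equals(ConfigurationElementType.SESSION_LENGTH) && Integer.parseInt(value) == 0) {
  throw new InvalidArgumentException(type + " must be greater than zero");
}
// … unchanged: configuration.setValue(value); configurationDao.add(configuration); …
```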
......@@ -76,10 +76,21 @@ public class StartupBean {
setInterruptedProjectsStatuses();
modifyXFrameDomain();
setSessionLength();
removeInterruptedReferenceGenomeDownloads();
logger.debug("Application startup script ends");
}
private void setSessionLength() {
try {
String sessionLength = configurationService.getConfigurationValue(ConfigurationElementType.SESSION_LENGTH);
Integer value = Integer.valueOf(sessionLength);
Configuration.setSessionLength(value);
} catch (Exception e) {
logger.error("Problem with setting default session length.", e);
}
}
private void modifyXFrameDomain() {
try {
for (String domain : configurationService.getConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN)
......
......@@ -45,7 +45,7 @@ public class XFrameAccessControlFilter implements Filter {
value += domain + " ";
}
}
if (!value.equals("frame-ancestors ")) {
response.addHeader("Content-Security-Policy", value);
} else {
......
......@@ -6,13 +6,13 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lcsb.mapviewer.common.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import lcsb.mapviewer.common.Configuration;
/**
* Implementation of Spring Authentication Success Handler. When authentication
* is success, it will redirect user to the web page that had accessed before
......@@ -22,27 +22,20 @@ import org.springframework.security.web.savedrequest.SavedRequest;
*/
public class MvAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
/**
* Default session expire time in seconds (120 minutes).
*/
private static final Integer MAX_INACTIVE_INTERVAL = 120 * 60;
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException,
ServletException {
request.getSession().setMaxInactiveInterval(MAX_INACTIVE_INTERVAL);
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
String url = request.getParameter("from");
// if we are not redirecting from somewhere then
if ((url != null && !url.isEmpty())) {
logger.debug("Found redirect URL");
} else if (savedRequest == null) {
logger.debug(request.getRequestURL());
//redirect to the main page
// redirect to the main page
url = request.getRequestURL().toString().replace(request.getServletPath(), "") + Configuration.MAIN_PAGE;
String queryString = request.getQueryString();
......
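Review bot: The call `setMaxInactiveInterval(MAX_INACTIVE_INTERVAL)` appears to be removed from `onAuthenticationSuccess` (the page has lost its +/- markers), so a login completing through this handler no longer sets any inactivity interval and falls back to the container default rather than SESSION_LENGTH, unless every login also passes through UserController. If this handler is still wired into the security configuration, keep the call with the configurable value: `request.getSession().setMaxInactiveInterval(Configuration.getSessionLength());`. Separately, `url` is read from the `from` request parameter and the log line calls it a redirect URL; how it is used lies outside the hunk, but that branch deserves a comment stating that the target must be a path inside this application, next to the check that enforces it.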