Increase session time for sso and non-sso login.

4 years ago · a1567d8a3d
parent a136fa4901
commit a1567d8a3d
4 changed files with 21 additions and 4 deletions
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/ui/UIConfiguration.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/ui/UIConfiguration.java
@ -31,6 +31,7 @@ public class UIConfiguration {
    private AppRegistration appRegistration;
    private List<String> scopes;
    private boolean isSsoEnable;
+    private int sessionTimeOut;

    @XmlElement(name = "AppRegistration", required=true)
    public AppRegistration getAppRegistration() {
@ -59,4 +60,13 @@ public class UIConfiguration {
    public void setSsoEnable(boolean ssoEnable) {
        isSsoEnable = ssoEnable;
    }
+
+    @XmlElement(name = "SessionTimeOut")
+    public int getSessionTimeOut() {
+        return sessionTimeOut;
+    }
+
+    public void setSessionTimeOut(int sessionTimeOut) {
+        this.sessionTimeOut = sessionTimeOut;
+    }
 }
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java
@ -39,6 +39,7 @@ import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.protocol.HTTP;
 import io.entgra.ui.request.interceptor.beans.ProxyResponse;
+import org.json.JSONString;

 import javax.servlet.annotation.MultipartConfig;
 import javax.servlet.annotation.WebServlet;
@ -69,13 +70,14 @@ public class LoginHandler extends HttpServlet {
                httpSession.invalidate();
            }
            httpSession = req.getSession(true);
-            //setting session to expiry in 5 minutes
-            httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT));

            JsonObject uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, resp);
-
            JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
            JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
+            int sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut")));
+
+            //setting session to expire in 1h
+            httpSession.setMaxInactiveInterval(sessionTimeOut);

            // Check if OAuth app cache exists. If not create a new application.
            LoginCacheManager loginCacheManager = new LoginCacheManager();
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java
@ -72,6 +72,7 @@ public class SsoLoginHandler extends HttpServlet {
    private static String adminPassword;
    private static String gatewayUrl;
    private static String iotsCoreUrl;
+    private static int sessionTimeOut;
    private static String encodedAdminCredentials;
    private static String encodedClientApp;
    private static String applicationId;
@ -93,7 +94,7 @@ public class SsoLoginHandler extends HttpServlet {
            }

            httpSession = req.getSession(true);
-            httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT));
+
            initializeAdminCredentials();
            baseContextPath = req.getContextPath();
            applicationName = baseContextPath.substring(1, baseContextPath.indexOf("-ui-request-handler"));
@ -157,6 +158,7 @@ public class SsoLoginHandler extends HttpServlet {
            uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, resp);
            JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
            JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
+            sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut")));

            // Register the client application
            HttpPost apiRegEndpoint = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT);
@ -294,6 +296,7 @@ public class SsoLoginHandler extends HttpServlet {
        httpSession.setAttribute("encodedClientApp", encodedClientApp);
        httpSession.setAttribute("scope", scopes);
        httpSession.setAttribute("redirectUrl", req.getParameter("redirect"));
+        httpSession.setMaxInactiveInterval(sessionTimeOut);
    }

    /***
--- a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml
@ -20,6 +20,8 @@
 <UIConfiguration>
    <EnableOAuth>true</EnableOAuth>
    <EnableSSO>true</EnableSSO>
+    <!-- session time out in seconds -->
+    <SessionTimeOut>3600</SessionTimeOut>
    <AppRegistration>
        <Tags>
            <Tag>application_management</Tag>