From a1567d8a3ded0ab3a0076add05a1b6064808fba3 Mon Sep 17 00:00:00 2001
From: MalshaPiumini <malsha98@yahoo.com>
Date: Mon, 24 May 2021 22:36:09 +0530
Subject: [PATCH] Increase session time for sso and non-sso login.

---
 .../device/mgt/core/config/ui/UIConfiguration.java     | 10 ++++++++++
 .../io/entgra/ui/request/interceptor/LoginHandler.java |  8 +++++---
 .../entgra/ui/request/interceptor/SsoLoginHandler.java |  5 ++++-
 .../src/main/resources/conf/mdm-ui-config.xml          |  2 ++
 4 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/ui/UIConfiguration.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/ui/UIConfiguration.java
index 914597687c1..1c4a1e91cdf 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/ui/UIConfiguration.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/ui/UIConfiguration.java
@@ -31,6 +31,7 @@ public class UIConfiguration {
     private AppRegistration appRegistration;
     private List<String> scopes;
     private boolean isSsoEnable;
+    private int sessionTimeOut;
 
     @XmlElement(name = "AppRegistration", required=true)
     public AppRegistration getAppRegistration() {
@@ -59,4 +60,13 @@ public class UIConfiguration {
     public void setSsoEnable(boolean ssoEnable) {
         isSsoEnable = ssoEnable;
     }
+
+    @XmlElement(name = "SessionTimeOut")
+    public int getSessionTimeOut() {
+        return sessionTimeOut;
+    }
+
+    public void setSessionTimeOut(int sessionTimeOut) {
+        this.sessionTimeOut = sessionTimeOut;
+    }
 }
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java
index e4246fbfc09..60dd31ab2de 100644
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java
@@ -39,6 +39,7 @@ import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.protocol.HTTP;
 import io.entgra.ui.request.interceptor.beans.ProxyResponse;
+import org.json.JSONString;
 
 import javax.servlet.annotation.MultipartConfig;
 import javax.servlet.annotation.WebServlet;
@@ -69,13 +70,14 @@ public class LoginHandler extends HttpServlet {
                 httpSession.invalidate();
             }
             httpSession = req.getSession(true);
-            //setting session to expiry in 5 minutes
-            httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT));
 
             JsonObject uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, resp);
-
             JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
             JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
+            int sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut")));
+
+            //setting session to expire in 1h
+            httpSession.setMaxInactiveInterval(sessionTimeOut);
 
             // Check if OAuth app cache exists. If not create a new application.
             LoginCacheManager loginCacheManager = new LoginCacheManager();
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java
index e23019d2c86..fb4f93b0c92 100644
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java
@@ -72,6 +72,7 @@ public class SsoLoginHandler extends HttpServlet {
     private static String adminPassword;
     private static String gatewayUrl;
     private static String iotsCoreUrl;
+    private static int sessionTimeOut;
     private static String encodedAdminCredentials;
     private static String encodedClientApp;
     private static String applicationId;
@@ -93,7 +94,7 @@ public class SsoLoginHandler extends HttpServlet {
             }
 
             httpSession = req.getSession(true);
-            httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT));
+
             initializeAdminCredentials();
             baseContextPath = req.getContextPath();
             applicationName = baseContextPath.substring(1, baseContextPath.indexOf("-ui-request-handler"));
@@ -157,6 +158,7 @@ public class SsoLoginHandler extends HttpServlet {
             uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, resp);
             JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
             JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
+            sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut")));
 
             // Register the client application
             HttpPost apiRegEndpoint = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT);
@@ -294,6 +296,7 @@ public class SsoLoginHandler extends HttpServlet {
         httpSession.setAttribute("encodedClientApp", encodedClientApp);
         httpSession.setAttribute("scope", scopes);
         httpSession.setAttribute("redirectUrl", req.getParameter("redirect"));
+        httpSession.setMaxInactiveInterval(sessionTimeOut);
     }
 
     /***
diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml
index 3a425274f1f..eba51b1d840 100644
--- a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml
@@ -20,6 +20,8 @@
 <UIConfiguration>
     <EnableOAuth>true</EnableOAuth>
     <EnableSSO>true</EnableSSO>
+    <!-- session time out in seconds -->
+    <SessionTimeOut>3600</SessionTimeOut>
     <AppRegistration>
         <Tags>
             <Tag>application_management</Tag>