Merge branch 'sso' into 'master'

Increasing the session time for 1h.

Closes product-iots#905

See merge request entgra/carbon-device-mgt!774

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/ui/UIConfiguration.java

@@ -31,6 +31,7 @@ public class UIConfiguration {
     private AppRegistration appRegistration;
     private List<String> scopes;
     private boolean isSsoEnable;
+    private int sessionTimeOut;
 
     @XmlElement(name = "AppRegistration", required=true)
     public AppRegistration getAppRegistration() {
@@ -59,4 +60,13 @@ public class UIConfiguration {
     public void setSsoEnable(boolean ssoEnable) {
         isSsoEnable = ssoEnable;
     }
+
+    @XmlElement(name = "SessionTimeOut")
+    public int getSessionTimeOut() {
+        return sessionTimeOut;
+    }
+
+    public void setSessionTimeOut(int sessionTimeOut) {
+        this.sessionTimeOut = sessionTimeOut;
+    }
 }

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java

@@ -39,6 +39,7 @@ import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.protocol.HTTP;
 import io.entgra.ui.request.interceptor.beans.ProxyResponse;
+import org.json.JSONString;
 
 import javax.servlet.annotation.MultipartConfig;
 import javax.servlet.annotation.WebServlet;
@@ -69,13 +70,14 @@ public class LoginHandler extends HttpServlet {
                 httpSession.invalidate();
             }
             httpSession = req.getSession(true);
-            //setting session to expiry in 5 minutes
-            httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT));
 
             JsonObject uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, resp);
-
             JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
             JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
+            int sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut")));
+
+            //setting session to expire in 1h
+            httpSession.setMaxInactiveInterval(sessionTimeOut);
 
             // Check if OAuth app cache exists. If not create a new application.
             LoginCacheManager loginCacheManager = new LoginCacheManager();

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java

@@ -72,6 +72,7 @@ public class SsoLoginHandler extends HttpServlet {
     private static String adminPassword;
     private static String gatewayUrl;
     private static String iotsCoreUrl;
+    private static int sessionTimeOut;
     private static String encodedAdminCredentials;
     private static String encodedClientApp;
     private static String applicationId;
@@ -93,7 +94,7 @@ public class SsoLoginHandler extends HttpServlet {
             }
 
             httpSession = req.getSession(true);
-            httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT));
+
             initializeAdminCredentials();
             baseContextPath = req.getContextPath();
             applicationName = baseContextPath.substring(1, baseContextPath.indexOf("-ui-request-handler"));
@@ -157,6 +158,7 @@ public class SsoLoginHandler extends HttpServlet {
             uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, resp);
             JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
             JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
+            sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut")));
 
             // Register the client application
             HttpPost apiRegEndpoint = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT);
@@ -294,6 +296,7 @@ public class SsoLoginHandler extends HttpServlet {
         httpSession.setAttribute("encodedClientApp", encodedClientApp);
         httpSession.setAttribute("scope", scopes);
         httpSession.setAttribute("redirectUrl", req.getParameter("redirect"));
+        httpSession.setMaxInactiveInterval(sessionTimeOut);
     }
 
     /***

features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml

@@ -20,6 +20,8 @@
 <UIConfiguration>
     <EnableOAuth>true</EnableOAuth>
     <EnableSSO>true</EnableSSO>
+    <!-- session time out in seconds -->
+    <SessionTimeOut>3600</SessionTimeOut>
     <AppRegistration>
         <Tags>
             <Tag>application_management</Tag>