From 6e2d07585757ffe5bff28f292668aa8960d9bab8 Mon Sep 17 00:00:00 2001
From: "Carlos A. Munoz"
Date: Sat, 26 Sep 2015 17:55:06 +1000
Subject: [PATCH] fix(ZNTA-634): increase session timeout For authenticated users. Value is determined by components.xml Session timeout gets increased after logging in, and reverts back after logging out.
---
 .../org/zanata/ApplicationConfiguration.java | 26 +++++++++++++++++++
 .../events/{Logout.java => LogoutEvent.java} | 4 +--
 .../org/zanata/security/ZanataIdentity.java | 6 ++---
 .../TranslationWorkspaceManagerImpl.java | 7 +++--
 4 files changed, 33 insertions(+), 10 deletions(-)
 rename zanata-war/src/main/java/org/zanata/events/{Logout.java => LogoutEvent.java} (95%)
diff --git a/zanata-war/src/main/java/org/zanata/ApplicationConfiguration.java b/zanata-war/src/main/java/org/zanata/ApplicationConfiguration.java
index c630211a6a..951d8a48a3 100644
--- a/zanata-war/src/main/java/org/zanata/ApplicationConfiguration.java
+++ b/zanata-war/src/main/java/org/zanata/ApplicationConfiguration.java
@@ -51,6 +51,8 @@
 import org.zanata.config.JaasConfig;
 import org.zanata.config.JndiBackedConfig;
 import org.zanata.events.ConfigurationChanged;
+import org.zanata.events.LogoutEvent;
+import org.zanata.events.PostAuthenticateEvent;
 import org.zanata.i18n.Messages;
 import org.zanata.log4j.ZanataHTMLLayout;
 import org.zanata.log4j.ZanataSMTPAppender;
@@ -76,6 +78,9 @@ public class ApplicationConfiguration implements Serializable {
 @Getter
 private static final int defaultMaxFilesPerUpload = 100;
+ @Getter
+ private static final int defaultAnonymousSessionTimeoutMinutes = 30;
+
 @In
 private DatabaseBackedConfig databaseBackedConfig;
 @In
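Review bot: `defaultAnonymousSessionTimeoutMinutes = 30` hard-codes the timeout that sessions fall back to on logout, and nothing in this patch ties it to the container's configured `session-timeout`. If the deployment descriptor uses a different value, a session that has logged out ends up with a different idle timeout from one that never logged in, and a descriptor value shorter than 30 minutes would be silently lengthened. Either remember the session's original `getMaxInactiveInterval()` before raising it, or document the coupling on the constant, e.g. `// keep in sync with <session-timeout> in web.xml`.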
@@ -408,4 +413,25 @@ public String copyrightNotice() {
 return msgs.format("jsf.CopyrightNotice", String.valueOf(Calendar.getInstance().get(Calendar.YEAR)));
 }
+
+ @Observer(PostAuthenticateEvent.EVENT_NAME)
+ public void setAuthenticatedSessionTimeout(
+ @Observes PostAuthenticateEvent payload) {
+ ServletContexts
+ .getInstance()
+ .getRequest()
+ .getSession()
+ .setMaxInactiveInterval(
+ authenticatedSessionTimeoutMinutes * 60);
+ }
+
+ @Observer(LogoutEvent.EVENT_NAME)
+ public void setUnauthenticatedSessionTimeout(@Observes LogoutEvent payload) {
+ ServletContexts
+ .getInstance()
+ .getRequest()
+ .getSession()
+ .setMaxInactiveInterval(
+ defaultAnonymousSessionTimeoutMinutes * 60);
+ }
 }
diff --git a/zanata-war/src/main/java/org/zanata/events/Logout.java b/zanata-war/src/main/java/org/zanata/events/LogoutEvent.java
similarity index 95%
rename from zanata-war/src/main/java/org/zanata/events/Logout.java
rename to zanata-war/src/main/java/org/zanata/events/LogoutEvent.java
index d6a3351edb..2db15a4e38 100644
--- a/zanata-war/src/main/java/org/zanata/events/Logout.java
+++ b/zanata-war/src/main/java/org/zanata/events/LogoutEvent.java
@@ -22,13 +22,11 @@
 import lombok.Value;
-import org.zanata.security.AuthenticationType;
-
 /**
 * @author Sean Flanigan sflaniga@redhat.com
 */
 @Value
-public class Logout {
+public class LogoutEvent {
 // TODO remove constant after switching to CDI
 // NB must be a constant string equal to class name
 public static final String EVENT_NAME = "org.zanata.events.Logout";
diff --git a/zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java b/zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java
index 42dff6611d..1a4718fda4 100644
--- a/zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java
+++ b/zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java
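Review bot: Both new observers call `ServletContexts.getInstance().getRequest().getSession()` with no null or state checks, and that matters most in `setUnauthenticatedSessionTimeout`: `ZanataIdentity.logout()` fires `LogoutEvent` from its `org.jboss.seam.preDestroyContext.SESSION` observer, so this code can run while the session is being destroyed, likely without a current request when the container expired it. In that case the chain can throw a `NullPointerException`, and where a request does exist `getSession()` will create a brand-new session just to set its timeout; `getSession(false)` with an early return avoids both. Separately, `authenticatedSessionTimeoutMinutes * 60` is passed on unchecked, and the servlet API treats a zero or negative interval as "never time out", so a misconfigured or overflowing value would leave authenticated sessions with no idle expiry. The field is declared outside this patch, so whether it is validated elsewhere cannot be seen here; a shared helper that range-checks the minutes is sketched below.

```java
    @Observer(PostAuthenticateEvent.EVENT_NAME)
    public void setAuthenticatedSessionTimeout(
            @Observes PostAuthenticateEvent payload) {
        applySessionTimeout(authenticatedSessionTimeoutMinutes);
    }

    @Observer(LogoutEvent.EVENT_NAME)
    public void setUnauthenticatedSessionTimeout(@Observes LogoutEvent payload) {
        applySessionTimeout(defaultAnonymousSessionTimeoutMinutes);
    }

    private static void applySessionTimeout(int minutes) {
        ServletContexts contexts = ServletContexts.getInstance();
        HttpServletRequest request =
                contexts == null ? null : contexts.getRequest();
        HttpSession session =
                request == null ? null : request.getSession(false);
        if (session == null) {
            // No live request/session (e.g. container-driven expiry): nothing to adjust.
            return;
        }
        if (minutes <= 0 || minutes > Integer.MAX_VALUE / 60) {
            // A non-positive or overflowing interval would disable idle expiry;
            // keep the session's current timeout instead.
            return;
        }
        session.setMaxInactiveInterval(minutes * 60);
    }
```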
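Review bot: The rename leaves `EVENT_NAME` as `"org.zanata.events.Logout"`, while the comment directly above it says the constant must equal the class name, which is now `org.zanata.events.LogoutEvent`. If events are dispatched under the payload's class name, as that comment implies (the dispatcher is not visible in this patch), the `@Observer(LogoutEvent.EVENT_NAME)` methods in `ApplicationConfiguration` and `TranslationWorkspaceManagerImpl` would stop receiving logout events, so workspaces would not be exited and the session timeout would not revert to the anonymous value. The line should read `public static final String EVENT_NAME = "org.zanata.events.LogoutEvent";`. The class body continues outside the hunk.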
@@ -53,7 +53,7 @@
 import org.zanata.events.AlreadyLoggedInEvent;
 import org.zanata.events.LoginFailedEvent;
 import org.zanata.events.LoginSuccessfulEvent;
-import org.zanata.events.Logout;
+import org.zanata.events.LogoutEvent;
 import org.zanata.events.NotLoggedInEvent;
 import org.zanata.model.HAccount;
 import org.zanata.model.HasUserFriendlyToString;
@@ -181,7 +181,7 @@ public void acceptExternallyAuthenticatedPrincipal(Principal principal) {
 @Observer("org.jboss.seam.preDestroyContext.SESSION")
 public void logout() {
 if (getCredentials() != null) {
- getLogoutEvent().fire(new Logout(getCredentials().getUsername()));
+ getLogoutEvent().fire(new LogoutEvent(getCredentials().getUsername()));
 }
 if (isLoggedIn()) {
 unAuthenticate();
@@ -189,7 +189,7 @@ public void logout() {
 }
 }
- private Event getLogoutEvent() {
+ private Event getLogoutEvent() {
 return ServiceLocator.instance().getInstance("event", Event.class);
 }
diff --git a/zanata-war/src/main/java/org/zanata/webtrans/server/TranslationWorkspaceManagerImpl.java b/zanata-war/src/main/java/org/zanata/webtrans/server/TranslationWorkspaceManagerImpl.java
index d037802eae..3c947347aa 100644
--- a/zanata-war/src/main/java/org/zanata/webtrans/server/TranslationWorkspaceManagerImpl.java
+++ b/zanata-war/src/main/java/org/zanata/webtrans/server/TranslationWorkspaceManagerImpl.java
@@ -23,9 +23,8 @@
 import org.zanata.common.EntityStatus;
 import org.zanata.common.ProjectType;
 import org.zanata.dao.AccountDAO;
-import org.zanata.dao.ProjectDAO;
 import org.zanata.dao.ProjectIterationDAO;
-import org.zanata.events.Logout;
+import org.zanata.events.LogoutEvent;
 import org.zanata.events.ProjectIterationUpdate;
 import org.zanata.events.ProjectUpdate;
 import org.zanata.events.ServerStarted;
@@ -130,8 +129,8 @@ public void start(@Observes ServerStarted payload) {
 log.info("starting...");
 }
- @Observer(Logout.EVENT_NAME)
- public void exitWorkspace(@Observes Logout payload) {
+ @Observer(LogoutEvent.EVENT_NAME)
+ public void exitWorkspace(@Observes LogoutEvent payload) {
 exitWorkspace(payload.getUsername());
 }