fixed GUI session timout, set default to 18000

2022-02-08 11:18:01 +01:00 · 2022-02-08 11:18:01 +01:00 · a01ed72d57
commit a01ed72d57
parent d6c000b513
4 changed files with 11 additions and 11 deletions
--- a/src/main/java/ch/ethz/seb/sebserver/gui/RAPConfiguration.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/RAPConfiguration.java
@ -173,11 +173,11 @@ public class RAPConfiguration implements ApplicationConfiguration {
                        final Integer sessionTimeout = environment.getProperty(
                                ATTR_USER_SESSION_TIMEOUT,
                                Integer.class,
-                                -1);
+                                18000);

                        httpSession.setMaxInactiveInterval(sessionTimeout);
                    } else {
-                        httpSession.setMaxInactiveInterval(-1);
+                        httpSession.setMaxInactiveInterval(18000);
                    }

                    final EntryPointService entryPointService = webApplicationContext
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/ExamDAOImpl.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/ExamDAOImpl.java
@ -137,13 +137,11 @@ public class ExamDAOImpl implements ExamDAO {
    }

    @Override
-    @Transactional(readOnly = true)
    public Result<Collection<Long>> allInstitutionIdsByQuizId(final String quizId) {
        return this.examRecordDAO.allInstitutionIdsByQuizId(quizId);
    }

    @Override
-    @Transactional(readOnly = true)
    public Result<Collection<Exam>> allMatching(final FilterMap filterMap, final Predicate<Exam> predicate) {

        return Result.tryCatch(() -> {
@ -181,7 +179,6 @@ public class ExamDAOImpl implements ExamDAO {
    }

    @Override
-    @Transactional
    public Result<Exam> updateState(final Long examId, final ExamStatus status, final String updateId) {
        return this.examRecordDAO
                .updateState(examId, status, updateId)
@ -196,7 +193,6 @@ public class ExamDAOImpl implements ExamDAO {
    }

    @Override
-    @Transactional
    public Result<Exam> setSEBRestriction(final Long examId, final boolean sebRestriction) {
        return this.examRecordDAO
                .setSEBRestriction(examId, sebRestriction)
@ -204,7 +200,6 @@ public class ExamDAOImpl implements ExamDAO {
    }

    @Override
-    @Transactional
    public Result<Exam> createNew(final Exam exam) {
        return this.examRecordDAO
                .createNew(exam)
@ -298,7 +293,6 @@ public class ExamDAOImpl implements ExamDAO {
    }

    @Override
-    @Transactional(readOnly = true)
    public Result<Collection<Exam>> allForEndCheck() {
        return this.examRecordDAO
                .allForEndCheck()
@ -409,7 +403,6 @@ public class ExamDAOImpl implements ExamDAO {
    }

    @Override
-    @Transactional(readOnly = true)
    public Result<Boolean> isLocked(final Long examId) {
        return this.examRecordDAO
                .recordById(examId)
@ -543,7 +536,6 @@ public class ExamDAOImpl implements ExamDAO {
    }

    @Override
-    @Transactional(readOnly = true)
    public Result<Collection<Exam>> allOf(final Set<Long> pks) {
        return this.examRecordDAO
                .allOf(pks)
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java
@ -10,6 +10,7 @@ package ch.ethz.seb.sebserver.webservice.weblayer.oauth;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
@ -55,6 +56,10 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
    @Autowired
    @Qualifier(WebServiceSecurityConfig.AUTHENTICATION_MANAGER)
    private AuthenticationManager authenticationManager;
+    @Value("${sebserver.webservice.api.admin.accessTokenValiditySeconds:3600}")
+    private Integer adminAccessTokenValSec;
+    @Value("${sebserver.webservice.api.admin.refreshTokenValiditySeconds:-1}")
+    private Integer adminRefreshTokenValSec;

    @Override
    public void configure(final AuthorizationServerSecurityConfigurer oauthServer) {
@ -78,7 +83,10 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
        defaultTokenServices.setTokenStore(this.tokenStore);
        defaultTokenServices.setAuthenticationManager(this.authenticationManager);
        defaultTokenServices.setSupportRefreshToken(true);
+        defaultTokenServices.setReuseRefreshToken(true);
        defaultTokenServices.setTokenEnhancer(jwtAccessTokenConverter);
+        defaultTokenServices.setAccessTokenValiditySeconds(this.adminAccessTokenValSec);
+        defaultTokenServices.setRefreshTokenValiditySeconds(this.adminRefreshTokenValSec);

        endpoints
                .tokenStore(this.tokenStore)
--- a/src/main/resources/config/application-gui.properties
+++ b/src/main/resources/config/application-gui.properties
@ -1,7 +1,7 @@
 ##########################################################
 ### SEB Server GUI configuration

-sebserver.gui.session.timeout=-1
+sebserver.gui.session.timeout=18000

 # theme
 sebserver.gui.theme=css/sebserver.css