diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/RAPConfiguration.java b/src/main/java/ch/ethz/seb/sebserver/gui/RAPConfiguration.java
index 469a86fd..705a48ed 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gui/RAPConfiguration.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/RAPConfiguration.java
@@ -173,11 +173,11 @@ public class RAPConfiguration implements ApplicationConfiguration {
 final Integer sessionTimeout = environment.getProperty(
 ATTR_USER_SESSION_TIMEOUT,
 Integer.class,
- -1);
+ 18000);
 httpSession.setMaxInactiveInterval(sessionTimeout);
 } else {
- httpSession.setMaxInactiveInterval(-1);
+ httpSession.setMaxInactiveInterval(18000);
 }
 final EntryPointService entryPointService = webApplicationContext
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/ExamDAOImpl.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/ExamDAOImpl.java
index b9d997e4..f03910fb 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/ExamDAOImpl.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/ExamDAOImpl.java
@@ -137,13 +137,11 @@ public class ExamDAOImpl implements ExamDAO {
 }
 @Override
- @Transactional(readOnly = true)
 public Result> allInstitutionIdsByQuizId(final String quizId) {
 return this.examRecordDAO.allInstitutionIdsByQuizId(quizId);
 }
 @Override
- @Transactional(readOnly = true)
 public Result> allMatching(final FilterMap filterMap, final Predicate predicate) {
 return Result.tryCatch(() -> {
@@ -181,7 +179,6 @@ public class ExamDAOImpl implements ExamDAO {
 }
 @Override
- @Transactional
 public Result updateState(final Long examId, final ExamStatus status, final String updateId) {
 return this.examRecordDAO
 .updateState(examId, status, updateId)
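Review bot: A configured timeout of zero or less still reaches `httpSession.setMaxInactiveInterval(sessionTimeout)` unchecked in the first branch, and the servlet API treats a non-positive interval as "never time out", so the unlimited GUI session this commit removes stays one property value away. Consider falling back for such values, e.g. `httpSession.setMaxInactiveInterval(sessionTimeout > 0 ? sessionTimeout : DEFAULT_SESSION_TIMEOUT_SEC);`, where `DEFAULT_SESSION_TIMEOUT_SEC` is a proposed constant, not an existing one. The same constant would replace the literal `18000` that now appears in both branches and again in `application-gui.properties`. A short comment giving the unit (seconds, i.e. five hours of inactivity) would also help whoever tunes this later. The enclosing method starts and ends outside the hunk.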
@@ -196,7 +193,6 @@ public class ExamDAOImpl implements ExamDAO {
 }
 @Override
- @Transactional
 public Result setSEBRestriction(final Long examId, final boolean sebRestriction) {
 return this.examRecordDAO
 .setSEBRestriction(examId, sebRestriction)
@@ -204,7 +200,6 @@ public class ExamDAOImpl implements ExamDAO {
 }
 @Override
- @Transactional
 public Result createNew(final Exam exam) {
 return this.examRecordDAO
 .createNew(exam)
@@ -298,7 +293,6 @@ public class ExamDAOImpl implements ExamDAO {
 }
 @Override
- @Transactional(readOnly = true)
 public Result> allForEndCheck() {
 return this.examRecordDAO
 .allForEndCheck()
@@ -409,7 +403,6 @@ public class ExamDAOImpl implements ExamDAO {
 }
 @Override
- @Transactional(readOnly = true)
 public Result isLocked(final Long examId) {
 return this.examRecordDAO
 .recordById(examId)
@@ -543,7 +536,6 @@ public class ExamDAOImpl implements ExamDAO {
 }
 @Override
- @Transactional(readOnly = true)
 public Result> allOf(final Set pks) {
 return this.examRecordDAO
 .allOf(pks)
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java
index e904e8d2..568391da 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java
@@ -10,6 +10,7 @@ package ch.ethz.seb.sebserver.webservice.weblayer.oauth;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -55,6 +56,10 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
 @Autowired
 @Qualifier(WebServiceSecurityConfig.AUTHENTICATION_MANAGER)
 private AuthenticationManager authenticationManager;
+ @Value("${sebserver.webservice.api.admin.accessTokenValiditySeconds:3600}")
+ private Integer adminAccessTokenValSec;
+ @Value("${sebserver.webservice.api.admin.refreshTokenValiditySeconds:-1}")
+ private Integer adminRefreshTokenValSec;
 @Override
 public void configure(final AuthorizationServerSecurityConfigurer oauthServer) {
@@ -78,7 +83,10 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
 defaultTokenServices.setTokenStore(this.tokenStore);
 defaultTokenServices.setAuthenticationManager(this.authenticationManager);
 defaultTokenServices.setSupportRefreshToken(true);
+ defaultTokenServices.setReuseRefreshToken(true);
 defaultTokenServices.setTokenEnhancer(jwtAccessTokenConverter);
+ defaultTokenServices.setAccessTokenValiditySeconds(this.adminAccessTokenValSec);
+ defaultTokenServices.setRefreshTokenValiditySeconds(this.adminRefreshTokenValSec);
 endpoints
 .tokenStore(this.tokenStore)
diff --git a/src/main/resources/config/application-gui.properties b/src/main/resources/config/application-gui.properties
index 7911fbbe..25465c53 100644
--- a/src/main/resources/config/application-gui.properties
+++ b/src/main/resources/config/application-gui.properties
@@ -1,7 +1,7 @@
 ##########################################################
 ### SEB Server GUI configuration
-sebserver.gui.session.timeout=-1
+sebserver.gui.session.timeout=18000
 # theme
 sebserver.gui.theme=css/sebserver.css
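Review bot: The `:-1` default on `adminRefreshTokenValSec` makes a non-expiring admin refresh token the out-of-the-box behaviour, because `DefaultTokenServices`, as far as I know, only issues an expiring refresh token when the validity is positive. An installation that never sets `sebserver.webservice.api.admin.refreshTokenValiditySeconds` would therefore keep a leaked refresh token usable until it is explicitly removed from the token store. A finite default bounds that window, e.g. `@Value("${sebserver.webservice.api.admin.refreshTokenValiditySeconds:86400}")` (constructed value; pick what fits the deployment). Both new fields would also benefit from a one-line comment such as `// seconds; a non-positive value means the token never expires`.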
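Review bot: `setReuseRefreshToken(true)` returns the same refresh token on every refresh, so the token is never rotated, and with the `-1` refresh validity default declared in the fields above it also never expires. If long-lived admin sessions are the goal, consider `defaultTokenServices.setReuseRefreshToken(false);` so that each refresh replaces the previous token (provided the configured token store supports removal, which the hunk does not show), or keep reuse and give the refresh token a finite lifetime. The two validity setters also take the configured values unchecked; a non-positive `accessTokenValiditySeconds` would, as far as I can tell, yield access tokens without an expiry, so a startup guard such as `if (this.adminAccessTokenValSec <= 0) throw new IllegalArgumentException("accessTokenValiditySeconds must be positive");` is worth adding. Validity configured per client in the client details service may take precedence over these values. The enclosing method starts and ends outside the hunk.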