Update idle times

399fb94c · Joze RIHTARSIC · dadacf18 · 399fb94c · 399fb94c · 399fb94c
Commit 399fb94c authored 3 years ago by Joze RIHTARSIC
--- a/pom.xml
+++ b/pom.xml
@@ -35,7 +35,7 @@
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <!-- Only selected modules are deployed -->
        <maven.deploy.skip>true</maven.deploy.skip>
-        <edelivery.ssl-auth.version>1.10-SNAPSHOT</edelivery.ssl-auth.version>
+        <edelivery.ssl-auth.version>1.9</edelivery.ssl-auth.version>

        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <ant-commons-net.version>1.6.5</ant-commons-net.version>

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
@@ -65,8 +65,8 @@ public enum SMPPropertyEnum {
    UI_COOKIE_SESSION_SITE("smp.ui.session.strict","Lax","Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. Possible values are: Strict, None, Lax. (Cookies with SameSite=None require a secure context/HTTPS)!!)", false, false,false, SMPPropertyTypeEnum.STRING),
    UI_COOKIE_SESSION_PATH("smp.ui.session.path","","A path that must exist in the requested URL, or the browser won't send the Cookie header.  Null/Empty value sets the authentication requests context by default. The forward slash (/) character is interpreted as a directory separator, and subdirectories will be matched as well: for Path=/docs, /docs, /docs/Web/, and /docs/Web/HTTP will all match", false, false,false, SMPPropertyTypeEnum.STRING),

-    UI_COOKIE_SESSION_IDLE_TIMEOUT_ADMIN("smp.ui.session.idle_timeout.admin","300","Specifies the time, in seconds, between client requests before the SMP will invalidate session for ADMIN users (System)!", false, false,false, SMPPropertyTypeEnum.INTEGER),
-    UI_COOKIE_SESSION_IDLE_TIMEOUT_USER("smp.ui.session.idle_timeout.user","1800","Specifies the time, in seconds, between client requests before the SMP will invalidate session for users (Service group, SMP Admin)", false, false,false, SMPPropertyTypeEnum.INTEGER),
+    UI_COOKIE_SESSION_IDLE_TIMEOUT_ADMIN("smp.ui.session.idle_timeout.admin","300","Specifies the time, in seconds, between client requests before the SMP will invalidate session for ADMIN users (System and SMP Admin)!", false, false,false, SMPPropertyTypeEnum.INTEGER),
+    UI_COOKIE_SESSION_IDLE_TIMEOUT_USER("smp.ui.session.idle_timeout.user","1800","Specifies the time, in seconds, between client requests before the SMP will invalidate session for users (Service group)", false, false,false, SMPPropertyTypeEnum.INTEGER),
    // SSO configuration
    SSO_CAS_ENABLED("smp.sso.cas.enabled","false","Enable/disable CAS authentication.", false, false,true, SMPPropertyTypeEnum.BOOLEAN),
    SSO_CAS_UI_LABEL("smp.sso.cas.ui.label","EU Login","The SSO service provider label.", false, false,true, SMPPropertyTypeEnum.STRING),

--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationEventListener.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationEventListener.java
@@ -39,20 +39,29 @@ public class SMPAuthenticationEventListener implements ApplicationListener<Authe

    /**
     * On successful authentication method validates the roles and set max session idle time before it invalidates the session.
+     *
     * @param event
     */
    @Override
-    public void onApplicationEvent (AuthenticationSuccessEvent event) {
-        Collection<? extends GrantedAuthority> authorities = event.getAuthentication().getAuthorities();
-        boolean hasAdminRole = authorities.stream().anyMatch(grantedAuthority -> StringUtils.equalsIgnoreCase(grantedAuthority.getAuthority(), SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority()));
+    public void onApplicationEvent(AuthenticationSuccessEvent event) {
+
        ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
-        if (attr!= null) {
+        if (attr != null) {
+            Collection<? extends GrantedAuthority> authorities = event.getAuthentication().getAuthorities();
            HttpSession session = attr.getRequest().getSession();
-            int idleTimeout = (hasAdminRole ? configurationService.getSessionIdleTimeoutForAdmin() : configurationService.getSessionIdleTimeoutForUser());
-            LOG.debug("Set session idle timeout [{}] for user [{}]", idleTimeout, event.getAuthentication().getName());
+            int idleTimeout = getSessionTimeoutForRoles(authorities);
+            LOG.debug("Set session idle timeout [{}] for user [{}] with roles [{}]", idleTimeout, event.getAuthentication().getName(), authorities);
            session.setMaxInactiveInterval(idleTimeout);
        } else {
-            LOG.warn("Could not get ServletRequestAttributes attributes for authentication [{}]", event.getAuthentication() );
+            LOG.warn("Could not get ServletRequestAttributes attributes for authentication [{}]", event.getAuthentication());
        }
    }
+
+    public int getSessionTimeoutForRoles(Collection<? extends GrantedAuthority> authorities) {
+        boolean hasAdminRole = authorities.stream().anyMatch(grantedAuthority ->
+                StringUtils.equalsIgnoreCase(grantedAuthority.getAuthority(), SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority())
+                        || StringUtils.equalsIgnoreCase(grantedAuthority.getAuthority(), SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority()));
+        LOG.debug("has admin role [{}]", hasAdminRole);
+        return hasAdminRole ? configurationService.getSessionIdleTimeoutForAdmin() : configurationService.getSessionIdleTimeoutForUser();
+    }
 }
\ No newline at end of file
--- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationEventListenerTest.java
+++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationEventListenerTest.java
+package eu.europa.ec.edelivery.smp.auth;
+
+import eu.europa.ec.edelivery.smp.data.ui.auth.SMPAuthority;
+import eu.europa.ec.edelivery.smp.services.ConfigurationService;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.core.convert.ConversionService;
+import org.springframework.security.core.GrantedAuthority;
+
+import javax.persistence.EntityManager;
+import java.util.Arrays;
+import java.util.Collection;
+
+import static org.junit.Assert.*;
+
+public class SMPAuthenticationEventListenerTest {
+
+    ConfigurationService configurationService = Mockito.mock(ConfigurationService .class);;
+    // test instance
+    SMPAuthenticationEventListener testInstance = new SMPAuthenticationEventListener(configurationService);
+
+
+    @Test
+    public void getSessionTimeoutForRolesSMPAdmin() {
+        // Given
+        Collection<? extends GrantedAuthority> authorities = Arrays.asList(SMPAuthority.S_AUTHORITY_SMP_ADMIN);
+        // when then
+        assertTimeoutForAuthorities(authorities, true);
+    }
+
+    @Test
+    public void getSessionTimeoutForRolesSystemAdmin() {
+        // Given
+        Collection<? extends GrantedAuthority> authorities = Arrays.asList(SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN);
+        // when then
+        assertTimeoutForAuthorities(authorities, true);
+    }
+
+    @Test
+    public void getSessionTimeoutForRolesUser() {
+        // Given
+        Collection<? extends GrantedAuthority> authorities = Arrays.asList(SMPAuthority.S_AUTHORITY_SERVICE_GROUP);
+        // when then
+        assertTimeoutForAuthorities(authorities, false);
+    }
+
+    @Test
+    public void getSessionTimeoutForRolesUserAndSystem() {
+        // Given
+        Collection<? extends GrantedAuthority> authorities = Arrays.asList(SMPAuthority.S_AUTHORITY_SERVICE_GROUP,SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN);
+        // when then
+        assertTimeoutForAuthorities(authorities, true);
+    }
+
+    @Test
+    public void getSessionTimeoutForRolesUserAndSMP() {
+        // Given
+        Collection<? extends GrantedAuthority> authorities = Arrays.asList(SMPAuthority.S_AUTHORITY_SERVICE_GROUP,SMPAuthority.S_AUTHORITY_SMP_ADMIN);
+        // when then
+        assertTimeoutForAuthorities(authorities, true);
+    }
+
+    public void assertTimeoutForAuthorities(Collection<? extends GrantedAuthority> authorities, boolean isAdmin){
+        // Given
+        int secondsToTimeoutAdmin = 111;
+        int secondsToTimeoutUser = 555;
+        int expected = isAdmin ? secondsToTimeoutAdmin : secondsToTimeoutUser;
+        // idle for admin
+        Mockito.doReturn(secondsToTimeoutAdmin).when(configurationService).getSessionIdleTimeoutForAdmin();
+        Mockito.doReturn(secondsToTimeoutUser).when(configurationService).getSessionIdleTimeoutForUser();
+        // when
+        int result = testInstance.getSessionTimeoutForRoles(authorities);
+        //then
+        assertEquals(expected, result);
+    }
+}
\ No newline at end of file