Merge pull request #839 from anoopvarma-2000-p/main

fix: session time out error issue fix
tech-by-design · Dec 9, 2024 · 875f779 · 875f779
2 parents 739638f + 17c2a62
commit 875f779
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 11 deletions.
diff --git a/hub-prime/pom.xml b/hub-prime/pom.xml
@@ -11,7 +11,7 @@
 	</parent>
 	<groupId>org.techbd</groupId>
 	<artifactId>hub-prime</artifactId>
-	<version>0.370.0</version>
+	<version>0.371.0</version>
 	<packaging>war</packaging>
 	<name>Tech by Design Hub (Prime)</name>
 	<description>Tech by Design Hub (Primary)</description>

diff --git a/hub-prime/src/main/java/org/techbd/service/http/GitHubUserAuthorizationFilter.java b/hub-prime/src/main/java/org/techbd/service/http/GitHubUserAuthorizationFilter.java
@@ -21,20 +21,21 @@
 
 @Component
 public class GitHubUserAuthorizationFilter extends OncePerRequestFilter {
+
     private static final String AUTH_USER_SESSION_ATTR_NAME = "authenticatedUser";
     private static final String supportEmail = "[email protected]";
     private static final String supportEmailDisplayName = "Tech by Design Support <" + supportEmail + ">";
 
     @JsonIgnoreProperties(ignoreUnknown = true)
     public record AuthenticatedUser(OAuth2User principal, GitHubUsersService.AuthorizedUser ghUser)
             implements Serializable {
+
     }
 
     public static final Optional<AuthenticatedUser> getAuthenticatedUser(
             final @NonNull HttpServletRequest request) {
-        final var sessionUser = (AuthenticatedUser) request.getSession(true)
-                .getAttribute(AUTH_USER_SESSION_ATTR_NAME);
-        return Optional.ofNullable(sessionUser);
+        return Optional.ofNullable(request.getSession(false))
+                .map(session -> (AuthenticatedUser) session.getAttribute(AUTH_USER_SESSION_ATTR_NAME));
     }
 
     protected static final void setAuthenticatedUser(final @NonNull HttpServletRequest request,

diff --git a/hub-prime/src/main/java/org/techbd/service/http/SecurityConfig.java b/hub-prime/src/main/java/org/techbd/service/http/SecurityConfig.java
@@ -12,6 +12,7 @@
 import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
@@ -49,7 +50,12 @@ public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws E
         http
                 .authorizeHttpRequests(
                         authorize -> authorize
-                                .requestMatchers("/login/**", "/oauth2/**", "/", "/Bundle", "/Bundle/**",  "/flatfile/csv/Bundle","/flatfile/csv/Bundle/**","/Hl7/v2", "/Hl7/v2/", "/metadata",
+                                .requestMatchers("/login/**", "/oauth2/**",
+                                        "/",
+                                        "/Bundle", "/Bundle/**",
+                                        "/flatfile/csv/Bundle", "/flatfile/csv/Bundle/**",
+                                        "/Hl7/v2", "/Hl7/v2/",
+                                        "/metadata",
                                         "/api/expect/**",
                                         "/docs/api/interactive/swagger-ui/**", "/support/**", "/docs/api/interactive/**",
                                         "/docs/api/openapi/**",
@@ -71,11 +77,11 @@ public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws E
                                 .permitAll()
                 )
                 .csrf(AbstractHttpConfigurer::disable)
-                // .sessionManagement(
-                //         sessionManagement -> sessionManagement
-                //                 .invalidSessionUrl("/?timeout=true")
-                //                 //.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) //TODO As this method is not working, remove it.
-                // )
+                .sessionManagement(
+                        sessionManagement -> sessionManagement
+                                .invalidSessionUrl("/?timeout=true")
+                                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+                )
                 .addFilterAfter(authzFilter, UsernamePasswordAuthenticationFilter.class);
         // allow us to show our own content in IFRAMEs (e.g. Swagger, etc.)
         http.headers(headers -> {

diff --git a/hub-prime/src/main/resources/application.yml b/hub-prime/src/main/resources/application.yml
@@ -67,7 +67,7 @@ server:
         secure: true
         http-only: true
         same-site: LAX
-      timeout: 60m
+      timeout: 5m
 
 org:
   techbd: