Add session timeout for the web-ui

Description

Currently, even when the grid is secured (com.gs.security.enabled=true) and the user name field is mandatory (com.gigaspaces.webui.username.mandatory)

there is no session timeout for the old web-ui.
I have run a few tests as follow:

Test1 - XAP 14.5

  1. edit the web-ui webapp/WEB-INF/web.xml and added

<session-config>
<session-timeout>1</session-timeout>
</session-config>

2. rebuilt the xap-webui war

3. edit setenv-overrides.sh and added

export EXT_JAVA_OPTIONS='-Dcom.gs.security.enabled=true'
export XAP_MANAGER_OPTIONS='-Dcom.gs.manager.rest.ssl.enabled=false'

4. start the grid: ./gs.sh host run-agent --manager --gsc=2

5. run web-ui:

export USER_NAME_MANDATORY=true

./gs-webui.sh

 

Test2 - XAP 14.0

  1. edit xap/xap-extensions/xap-jetty/src/main/java/org/openspaces/pu/container/jee/jetty/JettyWebApplicationContextListener.java

and change: gigaSessionManager.setMaxInactiveInterval(Integer.parseInt(sessionTimeout) * 60);

to:

gigaSessionManager.setMaxInactiveInterval(Integer.parseInt(sessionTimeout) * 1);

2. rebuild xap/xap-extensions/xap-jetty/target/xap-jetty.jar

3. copy xap/xap-extensions/xap-jetty/target/xap-jetty.jar to gigaspaces-xap-enterprise-14.0.0-ga-b20000/lib/optional/jetty/xap-jetty

4. edit xap-premium/xap-tools/xap-ui-web/xap-webui/src/main/webapp/META-INF/spring/jetty.pu.xml and added:

<prop key="jetty.sessions.timeout">1</prop>
e.g:
<bean id="propertiesConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="properties">
<props>
<prop key="web.context">/${clusterInfo.name}</prop>
<prop key="web.port">8099</prop>
<prop key="web.sslPort">8099</prop>
<prop key="web.context.classLoader.parentFirst">false</prop>
<prop key="web.context.copyWebDir">false</prop>
<prop key="web.threadPool.minThreads">10</prop>
<prop key="web.threadPool.maxThreads">200</prop>
<prop key="web.selector.maxIdleTime">300000</prop>
<prop key="web.selector.acceptors">2</prop>
<prop key="web.selector.selectors">-1</prop>
<prop key="web.selector.lowResourcesConnections">20000</prop>
<prop key="web.selector.lowResourcesMaxIdleTime">5000</prop>
<prop key="web.selector.forwarded">true</prop>
<prop key="web.statsOn">false</prop>
<prop key="jetty.sessions.spaceUrl">false</prop>
<prop key="jetty.sessions.timeout">1</prop>
</props>
</property>
</bean>

5. edit setenv-overrides.sh and added

export EXT_JAVA_OPTIONS='-Dcom.gs.security.enabled=true'
export XAP_MANAGER_OPTIONS='-Dcom.gs.manager.rest.ssl.enabled=false'

6. start the grid: ./xap host run-agent --manager --gsc=2

7. run web-ui:

export USER_NAME_MANDATORY=true

./gs-webui.sh

(or deployed xap-webui-14.0.0-SNAPSHOT.war through the gs-ui)

Workaround

None

Acceptance Test

None

Status

Assignee

Unassigned

Reporter

Yuval Dori

Labels

None

Priority

Medium

SalesForce Case ID

12557

Fix versions

None

Commitment Version/s

None

Due date

None

Product

None

Edition

Open Source

Platform

All
Configure