From e77a0832c67c122fc278f24598c1838e0a16856c Mon Sep 17 00:00:00 2001
From: "nikolas.laskaris" <nikolas.laskaris@mycompany.com>
Date: Fri, 21 Jun 2013 11:45:09 +0000
Subject: [PATCH] Created getSessionTimeoutMillis to parse session-timeout
 value from tomcat xml files. Added a file properties.xml as a fallback in the
 case that tomcat xml file is not found. Changed isValid and invalidate to
 reflect the changes above.

git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/application-support-layer/applicationSupportLayerCore@77227 82a268e6-3cf1-43bd-a215-b396298e98cf
---
 .../framework/core/session/ASLSession.java    | 83 ++++++++++++++++++-
 src/main/resources/properties.xml             |  6 ++
 2 files changed, 87 insertions(+), 2 deletions(-)
 create mode 100644 src/main/resources/properties.xml

diff --git a/src/main/java/org/gcube/application/framework/core/session/ASLSession.java b/src/main/java/org/gcube/application/framework/core/session/ASLSession.java
index 5df096d..c827ce3 100644
--- a/src/main/java/org/gcube/application/framework/core/session/ASLSession.java
+++ b/src/main/java/org/gcube/application/framework/core/session/ASLSession.java
@@ -1,10 +1,20 @@
 package org.gcube.application.framework.core.session;
 
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
 import java.util.HashMap;
 import java.util.Set;
 
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
 import org.gcube.application.framework.accesslogger.library.impl.AccessLogger;
 import org.gcube.application.framework.accesslogger.model.LoginToVreAccessLogEntry;
 import org.gcube.application.framework.core.security.PortalSecurityManager;
@@ -72,12 +82,76 @@ public class ASLSession{
 		}
 	}
 
+	/**
+	 * It looks into tomcat's web.xml file for session-timeout value.
+	 * if not available, it looks into the properties.xml of this JAR
+	 * 
+	 * @return timeout in milliseconds
+	 * @throws IOException
+	 * @throws ParserConfigurationException
+	 */
+	public int getSessionTimeoutMillis() throws IOException, ParserConfigurationException {
+        int timeoutSecs;
+        DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+    	DocumentBuilder dBuilder = null;
+		try {
+			dBuilder = dbFactory.newDocumentBuilder();
+		} catch (ParserConfigurationException e1) {e1.printStackTrace();}
+        String tomcatBasePath = System.getProperty("catalina.base");
+        String fullFilePath = tomcatBasePath + "/webapps/ROOT/WEB-INF/web.xml";
+        Document webXMLDoc = null;
+		try {
+	        File webXML = new File(fullFilePath);
+			webXMLDoc = dBuilder.parse(webXML);
+			webXMLDoc.getDocumentElement().normalize();
+			NodeList sessionTimeouts = webXMLDoc.getElementsByTagName("session-timeout"); //this NodeList contains all the <session-timeout> elements - should by only one
+			String timeoutString = sessionTimeouts.item(0).getTextContent(); //timeout now contains the timeout value in string. eg "400"
+			if( (timeoutString==null) || (timeoutString=="")){
+				logger.debug("No property session-timeout in file, setting it to default");
+				timeoutSecs = 1800; //30 minutes
+			}
+			else{
+				timeoutSecs = Integer.parseInt(timeoutString);
+			}
+		} 
+		catch (Exception e) { //case tomcat properties file could not be found
+			logger.debug("Could not parse file " + fullFilePath + " for session-timeout property. Parsing from jar.");
+			try {//try getting it from the local file
+				ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
+				URL url = classLoader.getResource("/properties.xml");
+				webXMLDoc = dBuilder.parse(new File(url.toURI()));
+				webXMLDoc.getDocumentElement().normalize();
+				NodeList sessionTimeouts = webXMLDoc.getElementsByTagName("session-timeout"); //this NodeList contains all the <session-timeout> elements - should by only one
+				String timeoutString = sessionTimeouts.item(0).getTextContent();
+				if( (timeoutString==null) || (timeoutString=="")){
+					logger.debug("No property session-timeout in local file, setting it to default");
+					timeoutSecs = 1800; //30 minutes
+				}
+				else{
+					timeoutSecs = Integer.parseInt(timeoutString);
+				}
+			} catch (Exception e1) {
+				logger.debug("Could not parse file properties.xml for property. Setting it to default.");
+				timeoutSecs = 1800; //30 minutes
+			}
+		}
+		//At this point, in all cases "timeoutSecs" will have a valid timeout value. If not from the two xml files, then a default one
+        return timeoutSecs * 1000;
+	}
+
+	
+	
 	/**
 	 * @return whether the session is still valid or not 
 	 */
 	public boolean isValid()
 	{
-		if((System.currentTimeMillis() - lastUsedTime) > 1800000) // 30 minutes
+		int maxTime = -1; //it will never be -1
+		try {
+			maxTime = getSessionTimeoutMillis();
+		} catch (Exception e) {	e.printStackTrace();}
+		
+		if((System.currentTimeMillis() - lastUsedTime) > maxTime)
 			return false;
 		return true;
 	}
@@ -159,7 +233,12 @@ public class ASLSession{
 	 */
 	public void invalidate()
 	{
-		lastUsedTime = System.currentTimeMillis() - 2000000; //more than 30 minutes
+		int maxTime = -1; //it will never be -1
+		try {
+			maxTime = getSessionTimeoutMillis();
+		} catch (Exception e) {	e.printStackTrace();}
+		
+		lastUsedTime = System.currentTimeMillis() - maxTime+120000; // 2 minutes excessive
 	}
 
 	/**
diff --git a/src/main/resources/properties.xml b/src/main/resources/properties.xml
new file mode 100644
index 0000000..a2a7d96
--- /dev/null
+++ b/src/main/resources/properties.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<properties>
+	<session-config>
+		<session-timeout>400</session-timeout>
+	</session-config>
+</properties>
\ No newline at end of file