feat: set default session timeout to 20 min

uc-cdis · Jul 5, 2024 · 90054e0 · 90054e0
1 parent a4902b0
commit 90054e0
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/pom.xml b/pom.xml
@@ -158,6 +158,7 @@
     <security.maxLoginAttempts>3</security.maxLoginAttempts>
     <security.duration.initial>10</security.duration.initial>
     <security.duration.increment>10</security.duration.increment>
+    <security.session.timeout>1200000</security.session.timeout>
 
     <security.saml.enabled>false</security.saml.enabled>
     <security.saml.entityId></security.saml.entityId>

diff --git a/src/main/java/org/ohdsi/webapi/ShiroConfiguration.java b/src/main/java/org/ohdsi/webapi/ShiroConfiguration.java
@@ -42,6 +42,8 @@ public class ShiroConfiguration {
     private long initialDuration;
     @Value("${security.duration.increment}")
     private long increment;
+    @Value("${security.session.timeout}")
+    private long globalSessionTimeout;
     @Value("${spring.aop.proxy-target-class:false}")
     private Boolean proxyTargetClass;
     @Autowired
@@ -78,8 +80,7 @@ public DefaultWebSecurityManager securityManager(Security security, LockoutPolic
         );
 
         // Configure session manager to set the session timeout
-        long globalSessionTimeout = 30000; // TODO - read from config
-        logger.info(">>>> Setting GlobalSessionTimeout to {}s...", globalSessionTimeout/1000);
+        logger.info("Setting GlobalSessionTimeout to {}s...", globalSessionTimeout/1000);
         DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
         sessionManager.setGlobalSessionTimeout(globalSessionTimeout);
         securityManager.setSessionManager(sessionManager);