From: Manoop Talasila <talasila@research.att.com>
Date: Fri, 1 Jun 2018 15:34:23 +0000 (+0000)
Subject: Merge "Document Security section of the Release Notes"
X-Git-Tag: 2.3.0~47
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=c2178ff5ff354811ba01666e15ad06166df5e54d;hp=8764d78f63c210f7b4efd5fd2ed0d12858d950c6;p=portal.git

Merge "Document Security section of the Release Notes"
---

diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/interceptor/SessionTimeoutInterceptor.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/interceptor/SessionTimeoutInterceptor.java
index d0d3d48c..dd201edd 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/interceptor/SessionTimeoutInterceptor.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/interceptor/SessionTimeoutInterceptor.java
@@ -52,6 +52,8 @@ import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+import org.onap.portalsdk.core.util.SystemProperties;
+import org.onap.portalapp.portal.utils.EPSystemProperties;
 
 public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {
 	EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SessionTimeoutInterceptor.class);
@@ -79,7 +81,9 @@ public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {
 			if (!controller.isAccessible()) {
 				try {
 					EPUser user = EPUserUtils.getUserSession(request);
-
+					if (user == null) {
+						throw new SessionExpiredException();
+					}
 					if (request.getRequestURI().indexOf("logout.htm") > -1) {
 						CollaborateList.delUserName(user.getOrgUserId());
 						throw new SessionExpiredException();
@@ -87,6 +91,9 @@ public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {
 						resetSessionMaxIdleTimeOut(request);
 						CollaborateList.addUserName(user.getOrgUserId());
 					}
+				} catch (SessionExpiredException e) {
+					response.sendRedirect(SystemProperties.getProperty(EPSystemProperties.LOGIN_URL_NO_RET_VAL));
+					return false;
 				} catch (Exception e) {
 					logger.error(EELFLoggerDelegate.errorLogger, "preHandle failed", e);
 					return false;
@@ -115,4 +122,4 @@ public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {
 			return true;
 		return false;
 	}
-}
\ No newline at end of file
+}