From 0c2ab13d9082643188690e31d82cdf7a32449a2e Mon Sep 17 00:00:00 2001
From: xg353y <xg353y@intl.att.com>
Date: Wed, 23 May 2018 18:02:49 +0200
Subject: [PATCH] Add session timeout page

Page timeout.html will be loaded at the session timeout, so that client
can re-login.

Issue-ID: CLAMP-166
Change-Id: Ie6af79e993480162b1becf9a01b99c70ec831354
Signed-off-by: xg353y <xg353y@intl.att.com>
---
 .../config/spring/CldsSecurityConfigUsers.java     |  6 ++-
 .../resources/designer/scripts/authcontroller.js   |  5 ++
 .../META-INF/resources/designer/timeout.html       | 55 ++++++++++++++++++++++
 3 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 src/main/resources/META-INF/resources/designer/timeout.html

diff --git a/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java b/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
index aabb6cf0..961cc6b3 100644
--- a/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
+++ b/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
@@ -74,7 +74,11 @@ public class CldsSecurityConfigUsers extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         try {
             http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
-                    .authenticated().anyRequest().permitAll().and().logout();
+                    .authenticated().anyRequest().permitAll().and().logout()
+            .and().sessionManagement()
+                .maximumSessions(1)
+            .and().invalidSessionUrl("/designer/timeout.html");
+
         } catch (Exception e) {
             logger.error("Exception occurred during the setup of the Web users in memory", e);
             throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
diff --git a/src/main/resources/META-INF/resources/designer/scripts/authcontroller.js b/src/main/resources/META-INF/resources/designer/scripts/authcontroller.js
index ca910618..ac891980 100644
--- a/src/main/resources/META-INF/resources/designer/scripts/authcontroller.js
+++ b/src/main/resources/META-INF/resources/designer/scripts/authcontroller.js
@@ -71,5 +71,10 @@ function AuthenticateCtrl($scope, $rootScope, $window, $resource, $http, $locati
       callback && callback();
     });
   };
+  
+  $scope.logout = function() {
+      window.localStorage.removeItem("isAuth");
+      window.localStorage.removeItem("loginuser");
+  };
 
 }
diff --git a/src/main/resources/META-INF/resources/designer/timeout.html b/src/main/resources/META-INF/resources/designer/timeout.html
new file mode 100644
index 00000000..ce3002b2
--- /dev/null
+++ b/src/main/resources/META-INF/resources/designer/timeout.html
@@ -0,0 +1,55 @@
+<!--
+  ============LICENSE_START=======================================================
+  ONAP CLAMP
+  ================================================================================
+  Copyright (C) 2017 AT&T Intellectual Property. All rights
+                              reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License"); 
+  you may not use this file except in compliance with the License. 
+  You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing, software 
+  distributed under the License is distributed on an "AS IS" BASIS, 
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+  See the License for the specific language governing permissions and 
+  limitations under the License.
+  ============LICENSE_END============================================
+  ===================================================================
+  
+  -->
+<style>
+.divRow {
+	margin-left: 5px;
+	font-size: 13px;
+	font-weight: normal;
+	margin-top:10px;
+}
+</style>
+
+<head>
+	<title>CLDS</title>
+	<script language="javascript">
+		function buttonVilibility()  
+		{
+			if (window.opener && window.opener !== window) {
+					document.getElementById("boton1").style.visibility="visible";  
+			} else {
+					document.getElementById("boton1").style.visibility="hidden";  
+			}
+		}
+	</script>
+</head>
+<body onload='buttonVilibility()'>
+<div ng-controller="AuthenticateCtrl" ng-init="logout()"> 
+	<div id='main'>
+		<div class="divRow"><b>Your session is timeout.</b></div>
+		<div class="divRow">Please <a href="/designer/index.html"/>Login</a> again.</div>
+	</div>
+	<div>
+		<button id="boton1" ng-click="close(true)" class="btn btn-primary">Close</button>
+	</div>
+</div>
+</body>
-- 
2.16.6