feat(jans-auth-server): added dedicated deviceSessionLifetime conf pr…

…operty #7010 (#9513)

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

docs/admin/auth-server/endpoints/authorization-challenge.md

@@ -142,7 +142,9 @@ Full sample script can be found [here](../../../script-catalog/authorization_cha
 Device session is optional. AS does not return it by default. 
 It's possible to pass in request `use_device_session=true` which makes AS return it in error response.
 If it is desired to use `device_session` and don't pass `client_id` (or other parameters) in next request, 
-it should be put in attributes of `device_session` object.
+it should be put in attributes of `device_session` object. 
+`device_session` object lifetime is set by `deviceSessionLifetimeInSeconds` AS configuration property. 
+If `deviceSessionLifetimeInSeconds` is not set then value falls back to `86400` seconds.
 
 Example
 ```java
@@ -241,10 +243,7 @@ In custom script it's easy to code what data has to be kept in `device_session`.
         DeviceSessionService deviceSessionService = CdiUtil.bean(DeviceSessionService.class);
         boolean newSave = deviceSessionObject == null;
         if (newSave) {
-            final String id = UUID.randomUUID().toString();
-            deviceSessionObject = new DeviceSession();
-            deviceSessionObject.setId(id);
-            deviceSessionObject.setDn(deviceSessionService.buildDn(id));
+            deviceSessionObject = deviceSessionService.newDeviceSession();
         }
 
         String username = context.getHttpRequest().getParameter(USERNAME_PARAMETER);

docs/admin/developer/scripts/authorization-challenge.md

@@ -185,10 +185,7 @@ public class AuthorizationChallenge implements AuthorizationChallengeType {
         DeviceSessionService deviceSessionService = CdiUtil.bean(DeviceSessionService.class);
         boolean newSave = deviceSessionObject == null;
         if (newSave) {
-            final String id = UUID.randomUUID().toString();
-            deviceSessionObject = new DeviceSession();
-            deviceSessionObject.setId(id);
-            deviceSessionObject.setDn(deviceSessionService.buildDn(id));
+            deviceSessionObject = deviceSessionService.newDeviceSession();
         }
 
         String username = context.getHttpRequest().getParameter(USERNAME_PARAMETER);
@@ -395,10 +392,7 @@ public class AuthorizationChallenge implements AuthorizationChallengeType {
         DeviceSessionService deviceSessionService = CdiUtil.bean(DeviceSessionService.class);
         boolean newSave = deviceSessionObject == null;
         if (newSave) {
-            final String id = UUID.randomUUID().toString();
-            deviceSessionObject = new DeviceSession();
-            deviceSessionObject.setId(id);
-            deviceSessionObject.setDn(deviceSessionService.buildDn(id));
+            deviceSessionObject = deviceSessionService.newDeviceSession();
         }
 
         String username = context.getHttpRequest().getParameter(USERNAME_PARAMETER);

docs/script-catalog/authorization_challenge/AuthorizationChallenge.java

@@ -120,10 +120,7 @@ private DeviceSession prepareDeviceSession(ExternalScriptContext context, Device
         DeviceSessionService deviceSessionService = CdiUtil.bean(DeviceSessionService.class);
         boolean newSave = deviceSessionObject == null;
         if (newSave) {
-            final String id = UUID.randomUUID().toString();
-            deviceSessionObject = new DeviceSession();
-            deviceSessionObject.setId(id);
-            deviceSessionObject.setDn(deviceSessionService.buildDn(id));
+            deviceSessionObject = deviceSessionService.newDeviceSession();
         }
 
         String username = context.getHttpRequest().getParameter(USERNAME_PARAMETER);

docs/script-catalog/authorization_challenge/multi_step/AuthorizationChallenge.java

@@ -129,10 +129,7 @@ private DeviceSession prepareDeviceSession(ExternalScriptContext context, Device
         DeviceSessionService deviceSessionService = CdiUtil.bean(DeviceSessionService.class);
         boolean newSave = deviceSessionObject == null;
         if (newSave) {
-            final String id = UUID.randomUUID().toString();
-            deviceSessionObject = new DeviceSession();
-            deviceSessionObject.setId(id);
-            deviceSessionObject.setDn(deviceSessionService.buildDn(id));
+            deviceSessionObject = deviceSessionService.newDeviceSession();
         }
 
         String username = context.getHttpRequest().getParameter(USERNAME_PARAMETER);

jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java

@@ -33,6 +33,7 @@
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class AppConfiguration implements Configuration {
 
+    public static final int DEFAULT_DEVICE_SESSION_LIFETIME = 86400;
     public static final int DEFAULT_SESSION_ID_LIFETIME = 86400;
     public static final KeySelectionStrategy DEFAULT_KEY_SELECTION_STRATEGY = KeySelectionStrategy.OLDER;
     public static final String DEFAULT_STAT_SCOPE = "jans_stat";
@@ -692,6 +693,9 @@ public class AppConfiguration implements Configuration {
     @DocProperty(description = "Choose whether to disable U2F endpoints", defaultValue = "false")
     private Boolean disableU2fEndpoint = false;
 
+    @DocProperty(description = "Device session lifetime in seconds")
+    private Integer deviceSessionLifetimeInSeconds;
+
     // Token Exchange
     @DocProperty(description = "", defaultValue = "false")
     private Boolean rotateDeviceSecret = false;
@@ -1024,6 +1028,17 @@ public void setReturnDeviceSecretFromAuthzEndpoint(Boolean returnDeviceSecretFro
         this.returnDeviceSecretFromAuthzEndpoint = returnDeviceSecretFromAuthzEndpoint;
     }
 
+    public Integer getDeviceSessionLifetimeInSeconds() {
+        if (deviceSessionLifetimeInSeconds == null) {
+           deviceSessionLifetimeInSeconds = DEFAULT_DEVICE_SESSION_LIFETIME;
+        }
+        return deviceSessionLifetimeInSeconds;
+    }
+
+    public void setDeviceSessionLifetimeInSeconds(Integer deviceSessionLifetimeInSeconds) {
+        this.deviceSessionLifetimeInSeconds = deviceSessionLifetimeInSeconds;
+    }
+
     public Boolean getRotateDeviceSecret() {
         if (rotateDeviceSecret == null) rotateDeviceSecret = false;
         return rotateDeviceSecret;

jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/DeviceSessionService.java

@@ -10,6 +10,8 @@
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 
+import java.util.*;
+
 /**
  * @author Yuriy Z
  */
@@ -29,6 +31,29 @@ public class DeviceSessionService {
     @Inject
     private StaticConfiguration staticConfiguration;
 
+    public DeviceSession newDeviceSession() {
+        final String id = UUID.randomUUID().toString();
+        return newDeviceSession(id);
+    }
+
+    public DeviceSession newDeviceSession(String id) {
+        int lifetimeInSeconds = appConfiguration.getDeviceSessionLifetimeInSeconds();
+
+        final Calendar calendar = new GregorianCalendar();
+        final Date creationDate = calendar.getTime();
+        calendar.add(Calendar.SECOND, lifetimeInSeconds);
+        final Date expirationDate = calendar.getTime();
+
+        DeviceSession deviceSession = new DeviceSession();
+        deviceSession.setId(id);
+        deviceSession.setDn(buildDn(id));
+        deviceSession.setDeletable(true);
+        deviceSession.setTtl(lifetimeInSeconds);
+        deviceSession.setCreationDate(creationDate);
+        deviceSession.setExpirationDate(expirationDate);
+        return deviceSession;
+    }
+
     public String buildDn(String id) {
         return String.format("jansId=%s,%s", id, staticConfiguration.getBaseDn().getSessions());
     }