From 6af401dd6f5c8aa89cb6e53b7b6f4a31ca8d517d Mon Sep 17 00:00:00 2001
From: j2blake
Date: Wed, 15 Jun 2011 19:23:27 +0000
Subject: [PATCH] root user must also get the privileged timeout interval.
---
 .../webapp/controller/authenticate/BasicAuthenticator.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
index f84bf041b..ca0cfdf3b 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
@@ -125,7 +125,7 @@ public class BasicAuthenticator extends Authenticator {
 HttpSession session = request.getSession();
 createLoginStatusBean(userAccount.getUri(), authSource, session);
- setSessionTimeoutLimit(session);
+ setSessionTimeoutLimit(userAccount, session);
 recordInUserSessionMap(userAccount.getUri(), session);
 notifyOtherUsers(userAccount.getUri(), session);
 }
@@ -151,11 +151,14 @@ public class BasicAuthenticator extends Authenticator {
 /**
 * Editors and other privileged users get a longer timeout interval.
 */
- private void setSessionTimeoutLimit(HttpSession session) {
+ private void setSessionTimeoutLimit(UserAccount userAccount,
+ HttpSession session) {
 RoleLevel role = RoleLevel.getRoleFromLoginStatus(request);
 if (role == RoleLevel.EDITOR || role == RoleLevel.CURATOR || role == RoleLevel.DB_ADMIN) {
 session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
+ } else if (getUserAccountsDao().isRootUser(userAccount)) {
+ session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
 } else {
 session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL);
 }
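Review bot: The new `else if (getUserAccountsDao().isRootUser(userAccount))` branch in setSessionTimeoutLimit repeats the body of the branch above it, so the privileged rule is now stated in two places and a later edit to one can miss the other. Folding it into the existing condition as `|| getUserAccountsDao().isRootUser(userAccount)) {` keeps a single privileged path and still skips the DAO call for editors, curators and DB admins. The Javadoc above the method should name the root case as well, for example `Editors, other privileged users and the root user get a longer timeout interval.` The change also gives the most powerful account the longer idle window, so an unattended root session stays usable for longer; it is worth confirming that PRIVILEGED_TIMEOUT_INTERVAL, which is defined outside this hunk, is acceptable for root. The method's closing brace lies outside the hunk.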