root user must also get the privileged timeout interval.

2011-06-15 19:23:27 +00:00 · 2011-06-15 19:23:27 +00:00 · 6af401dd6f
commit 6af401dd6f
parent 830456ac9f
1 changed files with 5 additions and 2 deletions
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
@ -125,7 +125,7 @@ public class BasicAuthenticator extends Authenticator {
 		HttpSession session = request.getSession();
 		createLoginStatusBean(userAccount.getUri(), authSource, session);
-		setSessionTimeoutLimit(session);
+		setSessionTimeoutLimit(userAccount, session);
 		recordInUserSessionMap(userAccount.getUri(), session);
 		notifyOtherUsers(userAccount.getUri(), session);
 	}
@ -151,11 +151,14 @@ public class BasicAuthenticator extends Authenticator {
 	/**
 	 * Editors and other privileged users get a longer timeout interval.
 	 */
-	private void setSessionTimeoutLimit(HttpSession session) {
+	private void setSessionTimeoutLimit(UserAccount userAccount,
 			HttpSession session) {
 		RoleLevel role = RoleLevel.getRoleFromLoginStatus(request);
 		if (role == RoleLevel.EDITOR || role == RoleLevel.CURATOR
 				|| role == RoleLevel.DB_ADMIN) {
 			session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
 		} else if (getUserAccountsDao().isRootUser(userAccount)) {
 			session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
 		} else {
 			session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL);
 		}