root user must also get the privileged timeout interval.

j2blake 2011-06-15 19:23:27 +00:00
parent 830456ac9f
commit 6af401dd6f


@ -125,7 +125,7 @@ public class BasicAuthenticator extends Authenticator {
HttpSession session = request.getSession();
createLoginStatusBean(userAccount.getUri(), authSource, session);
setSessionTimeoutLimit(session);
setSessionTimeoutLimit(userAccount, session);
recordInUserSessionMap(userAccount.getUri(), session);
notifyOtherUsers(userAccount.getUri(), session);
}
@ -151,11 +151,14 @@ public class BasicAuthenticator extends Authenticator {
/**
* Editors and other privileged users get a longer timeout interval.
*/
private void setSessionTimeoutLimit(HttpSession session) {
private void setSessionTimeoutLimit(UserAccount userAccount,
HttpSession session) {
RoleLevel role = RoleLevel.getRoleFromLoginStatus(request);
if (role == RoleLevel.EDITOR || role == RoleLevel.CURATOR
|| role == RoleLevel.DB_ADMIN) {
session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
} else if (getUserAccountsDao().isRootUser(userAccount)) {
session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
} else {
session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL);
}
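Review bot: The new `else if (getUserAccountsDao().isRootUser(userAccount))` branch gives the root account the longer idle timeout, so an unattended root session stays valid for the full PRIVILEGED_TIMEOUT_INTERVAL, and the Javadoc above setSessionTimeoutLimit still names only editors; it should read something like `* Editors, other privileged users and the root user get a longer timeout interval, so an idle privileged session stays valid longer.` The added branch repeats the body of the first `if`, so the root test could be folded into that condition as `|| getUserAccountsDao().isRootUser(userAccount)) {`. The role is still read from `request` while the root check uses `userAccount`; deriving both from the same source, if RoleLevel allows it, would keep the two checks from drifting apart. The method's closing brace lies outside the hunk.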