XNAT-4356 XNAT-4477 Added expiration time to alias token. Fixed logic in user...

XNAT-4356 XNAT-4477 Added expiration time to alias token. Fixed logic in user enabling and verifying routines.

XNAT-4356 XNAT-4477 Added expiration time to alias token. Fixed logic in user...
417a5fd2 · Rick Herrick · d6540791 · 417a5fd2 · 417a5fd2
Commit 417a5fd2 authored 8 years ago by Rick Herrick
--- a/src/main/java/org/nrg/xnat/restlet/services/AliasTokenRestlet.java
+++ b/src/main/java/org/nrg/xnat/restlet/services/AliasTokenRestlet.java
@@ -30,6 +30,7 @@ import org.restlet.resource.StringRepresentation;
 import org.restlet.resource.Variant;
 import java.io.IOException;
+import java.text.SimpleDateFormat;
 import java.util.HashMap;
 import java.util.Map;
@@ -93,13 +94,14 @@ public class AliasTokenRestlet extends SecureResource {
        Map<String, String> map = Maps.newHashMap();
        map.put("alias", token.getAlias());
        map.put("secret", token.getSecret());
-        String value = "";
+        if (token.getEstimatedExpirationTime() != null) {
+            map.put("estimatedExpirationTime", FORMATTER.format(token.getEstimatedExpirationTime()));
+        }
        try {
-            value = _serializer.toJson(map);
+            return _serializer.toJson(map);
-        } catch (IOException e) {
+        } catch (IOException ignored) {
-            //
+            return "";
        }
-        return value;
    }
    @Override
@@ -114,7 +116,8 @@ public class AliasTokenRestlet extends SecureResource {
        return _service;
    }
-    private static final int INVALID = -1;
+    private static final SimpleDateFormat FORMATTER = new SimpleDateFormat("yyyyMMdd_HHmmss");
    private final SerializerService _serializer;
    private       AliasTokenService _service;
    private       String            _operation;

--- a/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java
+++ b/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java
@@ -120,7 +120,7 @@ public class XnatAuthenticationFilter extends UsernamePasswordAuthenticationFilt
        try {
            AccessLogger.LogServiceAccess(username, AccessLogger.GetRequestIp(request), "Authentication", "SUCCESS");
-            Authentication auth =  getAuthenticationManager().authenticate(authRequest);
+            Authentication auth = getAuthenticationManager().authenticate(authRequest);
            //Fixed XNAT-4409 by adding a check for a par parameter on login. If a PAR is present and valid, then grant the user that just logged in the appropriate project permissions.
            if(StringUtils.isNotBlank(request.getParameter("par"))){