Added session timeout back to web.xml, removed from session event publisher....

Added session timeout back to web.xml, removed from session event publisher. Added back in missing Spring Security filter chain from move to initializer. Added missing Xalan dependency for security. Added @PreDestroy method for DICOM SCP manager.

build.gradle

@@ -275,6 +275,7 @@ dependencies {
     runtime "net.imagej:ij:1.50e"
     runtime "net.bull.javamelody:javamelody-core:1.58.0"
     runtime "org.javassist:javassist:3.20.0-GA"
+    runtime "xalan:xalan:2.7.2"
 
     providedCompile "javax.servlet:javax.servlet-api:${vServletApi}"
 

src/main/java/org/nrg/dcm/DicomSCPManager.java

@@ -29,6 +29,7 @@ import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 
+import javax.annotation.PreDestroy;
 import javax.inject.Inject;
 import java.io.IOException;
 import java.util.HashMap;
@@ -52,6 +53,17 @@ public class DicomSCPManager implements ApplicationContextAware {
         _context = context;
     }
 
+    @PreDestroy
+    public void shutdown() {
+        _log.debug("Handling pre-destroy actions, shutting down DICOM SCP receivers.");
+        stopDicomSCPs();
+    }
+
+    /**
+     * Sets the preferences for the DICOM SCP manager.
+     * @param preferences    The preferences to set.
+     */
+    @SuppressWarnings("unused")
     public void setPreferences(final DicomSCPPreferences preferences) {
         _preferences = preferences;
         for (final DicomSCPInstance instance : preferences.getDicomSCPInstances()) {

src/main/java/org/nrg/xnat/initialization/XnatWebAppInitializer.java

@@ -5,18 +5,17 @@ import org.apache.axis.transport.http.AxisHTTPSessionListener;
 import org.apache.axis.transport.http.AxisServlet;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.turbine.Turbine;
+import org.nrg.dcm.DicomSCPManager;
 import org.nrg.xdat.servlet.XDATAjaxServlet;
 import org.nrg.xdat.servlet.XDATServlet;
 import org.nrg.xnat.restlet.servlet.XNATRestletServlet;
 import org.nrg.xnat.restlet.util.UpdateExpirationCookie;
 import org.nrg.xnat.security.XnatSessionEventPublisher;
+import org.springframework.web.filter.DelegatingFilterProxy;
 import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
 
 import javax.servlet.*;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.List;
+import java.util.*;
 
 public class XnatWebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
 
@@ -33,6 +32,7 @@ public class XnatWebAppInitializer extends AbstractAnnotationConfigDispatcherSer
         super.onStartup(context);
 
         // Now initialize everything else.
+        context.addFilter("springSecurityFilterChain", DelegatingFilterProxy.class).addMappingForUrlPatterns(null, false, "/*");
         context.addFilter("updateExpirationCookie", UpdateExpirationCookie.class);
 
         context.addListener(XnatSessionEventPublisher.class);

src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java

@@ -48,8 +48,6 @@ public class XnatSessionEventPublisher implements HttpSessionListener, ServletCo
             _log.debug("Publishing event: " + e);
         }
 
-        // TODO: This should be wired to a database setting so that the admin can change the session timeout value.
-        session.setMaxInactiveInterval(900);
         session.setAttribute("XNAT_CSRF", UUID.randomUUID().toString());
 
         getContext(session.getServletContext()).publishEvent(e);

src/main/webapp/WEB-INF/conf/xnat-security.xml

@@ -16,8 +16,6 @@
 
     <context:annotation-config />
 
-    <context:component-scan base-package="org.nrg.xnat.security.controllers"/>
-
     <util:list id="decisionVoters">
         <ref bean="roleVoter"/>
         <ref bean="authenticatedVoter"/>
@@ -129,7 +127,6 @@
         </property>
         <property name="adminUrls">
             <list>
-                <value>/monitoring*</value>
                 <value>/app/template/AdminSummary.vm*</value>
                 <value>/app/template/Configuration.vm*</value>
                 <value>/app/template/XDATScreen_EditScript.vm/user/Test*</value>
@@ -146,6 +143,7 @@
                 <value>/app/template/XDATScreen_manage_news.vm*</value>
                 <value>/app/template/XDATScreen_manage_pipeline.vm*</value>
                 <value>/app/template/XDATScreen_roles.vm*</value>
+                <value>/monitoring*</value>
             </list>
         </property>
     </bean>

src/main/webapp/WEB-INF/web.xml

@@ -20,6 +20,15 @@
     </welcome-file-list>
     <!-- ======================================================================== -->
     <!--                                                                          -->
+    <!-- Set the session configuration settings, which is basically just the      -->
+    <!-- session timeout value specified in minutes.                              -->
+    <!--                                                                          -->
+    <!-- ======================================================================== -->
+    <session-config>
+        <session-timeout>15</session-timeout>
+    </session-config>
+    <!-- ======================================================================== -->
+    <!--                                                                          -->
     <!-- Mapping HTTP error codes and exceptions to custom error pages to make    -->
     <!-- the display a bit more pleasant and preserve system confidentiality.     -->
     <!--                                                                          -->