From d396d13229fde120190a301fd8efa2b4e4d60fe6 Mon Sep 17 00:00:00 2001
From: Rick Herrick <jrherrick@wustl.edu>
Date: Mon, 22 Feb 2016 19:15:03 -0600
Subject: [PATCH] Added session timeout back to web.xml, removed from session
 event publisher. Added back in missing Spring Security filter chain from move
 to initializer. Added missing Xalan dependency for security. Added
 @PreDestroy method for DICOM SCP manager.

---
 build.gradle                                         |  1 +
 src/main/java/org/nrg/dcm/DicomSCPManager.java       | 12 ++++++++++++
 .../xnat/initialization/XnatWebAppInitializer.java   |  8 ++++----
 .../nrg/xnat/security/XnatSessionEventPublisher.java |  2 --
 src/main/webapp/WEB-INF/conf/xnat-security.xml       |  4 +---
 src/main/webapp/WEB-INF/web.xml                      |  9 +++++++++
 6 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/build.gradle b/build.gradle
index 83b6c562..fc0c38ab 100644
--- a/build.gradle
+++ b/build.gradle
@@ -275,6 +275,7 @@ dependencies {
     runtime "net.imagej:ij:1.50e"
     runtime "net.bull.javamelody:javamelody-core:1.58.0"
     runtime "org.javassist:javassist:3.20.0-GA"
+    runtime "xalan:xalan:2.7.2"
 
     providedCompile "javax.servlet:javax.servlet-api:${vServletApi}"
 
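Review bot: The new `xalan:xalan:2.7.2` runtime entry carries no comment naming the library that needs it, and the commit message only says it is "for security". Xalan ships a JAXP service registration, so putting it on the runtime classpath likely changes which XSLT implementation every `TransformerFactory.newInstance()` call in the webapp receives, not only the security code's. Suggest a comment such as `// Needed at runtime by <component>; note this also becomes the JAXP XSLT provider`, and confirming that any code transforming externally supplied XML sets `XMLConstants.FEATURE_SECURE_PROCESSING`. The `dependencies` block starts and ends outside this hunk.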
diff --git a/src/main/java/org/nrg/dcm/DicomSCPManager.java b/src/main/java/org/nrg/dcm/DicomSCPManager.java
index c5f097cd..98b24b3d 100644
--- a/src/main/java/org/nrg/dcm/DicomSCPManager.java
+++ b/src/main/java/org/nrg/dcm/DicomSCPManager.java
@@ -29,6 +29,7 @@ import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 
+import javax.annotation.PreDestroy;
 import javax.inject.Inject;
 import java.io.IOException;
 import java.util.HashMap;
@@ -52,6 +53,17 @@ public class DicomSCPManager implements ApplicationContextAware {
         _context = context;
     }
 
+    @PreDestroy
+    public void shutdown() {
+        _log.debug("Handling pre-destroy actions, shutting down DICOM SCP receivers.");
+        stopDicomSCPs();
+    }
+
+    /**
+     * Sets the preferences for the DICOM SCP manager.
+     * @param preferences    The preferences to set.
+     */
+    @SuppressWarnings("unused")
     public void setPreferences(final DicomSCPPreferences preferences) {
         _preferences = preferences;
         for (final DicomSCPInstance instance : preferences.getDicomSCPInstances()) {
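Review bot: The new public `shutdown()` has no Javadoc and no handling for a failure inside `stopDicomSCPs()`, whose body is not visible in this hunk. If that call can throw part-way through, some receivers may stay bound to their ports while the context is being destroyed, so it is worth confirming that it stops every instance and reports the ones it could not stop. A short Javadoc such as `/** Stops all DICOM SCP receivers when the application context is destroyed. */` would match the comment this hunk adds to `setPreferences`. The body of `setPreferences` continues past the end of the hunk.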
diff --git a/src/main/java/org/nrg/xnat/initialization/XnatWebAppInitializer.java b/src/main/java/org/nrg/xnat/initialization/XnatWebAppInitializer.java
index a2389a15..85797a83 100644
--- a/src/main/java/org/nrg/xnat/initialization/XnatWebAppInitializer.java
+++ b/src/main/java/org/nrg/xnat/initialization/XnatWebAppInitializer.java
@@ -5,18 +5,17 @@ import org.apache.axis.transport.http.AxisHTTPSessionListener;
 import org.apache.axis.transport.http.AxisServlet;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.turbine.Turbine;
+import org.nrg.dcm.DicomSCPManager;
 import org.nrg.xdat.servlet.XDATAjaxServlet;
 import org.nrg.xdat.servlet.XDATServlet;
 import org.nrg.xnat.restlet.servlet.XNATRestletServlet;
 import org.nrg.xnat.restlet.util.UpdateExpirationCookie;
 import org.nrg.xnat.security.XnatSessionEventPublisher;
+import org.springframework.web.filter.DelegatingFilterProxy;
 import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
 
 import javax.servlet.*;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.List;
+import java.util.*;
 
 public class XnatWebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
 
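Review bot: The added `import org.nrg.dcm.DicomSCPManager;` is not referenced in either hunk of this file, so it looks unused unless code outside the hunks needs it. The four named `java.util` imports are also collapsed into `import java.util.*;`. Keeping explicit imports makes it clear which types the initializer depends on and avoids accidental name clashes with the existing `javax.servlet.*` wildcard. Suggest dropping the unused import and restoring the named `java.util` imports.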
@@ -33,6 +32,7 @@ public class XnatWebAppInitializer extends AbstractAnnotationConfigDispatcherSer
         super.onStartup(context);
 
         // Now initialize everything else.
+        context.addFilter("springSecurityFilterChain", DelegatingFilterProxy.class).addMappingForUrlPatterns(null, false, "/*");
         context.addFilter("updateExpirationCookie", UpdateExpirationCookie.class);
 
         context.addListener(XnatSessionEventPublisher.class);
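Review bot: Passing `null` as the dispatcher types on the `springSecurityFilterChain` mapping limits the filter to `REQUEST` dispatches, so container error dispatches (web.xml maps error codes to custom pages) and async dispatches run outside the security chain. If that is intended, a comment should say so; otherwise make the set explicit, e.g. `addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC), false, "/*")`. Separately, `addFilter` returns `null` when a filter of that name is already registered (for instance if a web.xml declaration is still present), which would surface as an NPE on the chained call at startup; holding the registration in a local and failing with a clear message would make that case diagnosable. `onStartup` begins and ends outside this hunk.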
diff --git a/src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java b/src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java
index 5227aa20..438179c1 100644
--- a/src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java
+++ b/src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java
@@ -48,8 +48,6 @@ public class XnatSessionEventPublisher implements HttpSessionListener, ServletCo
             _log.debug("Publishing event: " + e);
         }
 
-        // TODO: This should be wired to a database setting so that the admin can change the session timeout value.
-        session.setMaxInactiveInterval(900);
         session.setAttribute("XNAT_CSRF", UUID.randomUUID().toString());
 
         getContext(session.getServletContext()).publishEvent(e);
diff --git a/src/main/webapp/WEB-INF/conf/xnat-security.xml b/src/main/webapp/WEB-INF/conf/xnat-security.xml
index 9efc1436..a3bc84b9 100644
--- a/src/main/webapp/WEB-INF/conf/xnat-security.xml
+++ b/src/main/webapp/WEB-INF/conf/xnat-security.xml
@@ -16,8 +16,6 @@
 
     <context:annotation-config />
 
-    <context:component-scan base-package="org.nrg.xnat.security.controllers"/>
-
     <util:list id="decisionVoters">
         <ref bean="roleVoter"/>
         <ref bean="authenticatedVoter"/>
@@ -129,7 +127,6 @@
         </property>
         <property name="adminUrls">
             <list>
-                <value>/monitoring*</value>
                 <value>/app/template/AdminSummary.vm*</value>
                 <value>/app/template/Configuration.vm*</value>
                 <value>/app/template/XDATScreen_EditScript.vm/user/Test*</value>
@@ -146,6 +143,7 @@
                 <value>/app/template/XDATScreen_manage_news.vm*</value>
                 <value>/app/template/XDATScreen_manage_pipeline.vm*</value>
                 <value>/app/template/XDATScreen_roles.vm*</value>
+                <value>/monitoring*</value>
             </list>
         </property>
     </bean>
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index be7a9476..527141d8 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,15 @@
     </welcome-file-list>
     <!-- ======================================================================== -->
     <!--                                                                          -->
+    <!-- Set the session configuration settings, which is basically just the      -->
+    <!-- session timeout value specified in minutes.                              -->
+    <!--                                                                          -->
+    <!-- ======================================================================== -->
+    <session-config>
+        <session-timeout>15</session-timeout>
+    </session-config>
+    <!-- ======================================================================== -->
+    <!--                                                                          -->
     <!-- Mapping HTTP error codes and exceptions to custom error pages to make    -->
     <!-- the display a bit more pleasant and preserve system confidentiality.     -->
     <!--                                                                          -->
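Review bot: The new `<session-config>` sets only the timeout, so the session cookie flags and the tracking mode are left to container defaults as far as this hunk shows. If the descriptor is declared as Servlet 3.0 or later, consider adding `<cookie-config><http-only>true</http-only><secure>true</secure></cookie-config>` (the `secure` flag only where deployments are HTTPS-only) and `<tracking-mode>COOKIE</tracking-mode>`, so session ids are not readable from script or carried in URLs. The TODO removed from `XnatSessionEventPublisher` about making the timeout admin-configurable is dropped rather than carried over. A line in the comment banner noting that 15 minutes is now a fixed deploy-time value would keep that visible.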
-- 
GitLab