[Minor] Don't allow certificate with keepAlive if not enabled globally

2020-06-05 15:44:22 +02:00 · 2020-06-05 15:44:22 +02:00 · 3c51f8ccee
parent beffa8c6c3
commit 3c51f8ccee
1 changed files with 2 additions and 2 deletions
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
@ -1321,8 +1321,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 		DBC.PRE.assertNotEmpty("source must not be empty!", source);
 		Set<String> userRoles = user.getRoles();
 		return new Certificate(usage, sessionId, user.getUsername(), user.getFirstname(), user.getLastname(),
-				user.getUserState(), authToken, source, loginTime, keepAlive, user.getLocale(), userRoles,
-				new HashMap<>(user.getProperties()));
+				user.getUserState(), authToken, source, loginTime, keepAlive && this.allowSessionRefresh,
+				user.getLocale(), userRoles, new HashMap<>(user.getProperties()));
 	}

 	private synchronized boolean persistSessions() {