fixes for disabling json API, keeping signed data

2 files changed, 6 insertions, 1 deletions

diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
index 691ab423..c9c43fa3 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
@@ -1148,6 +1148,7 @@ public class PdfAsHelper {
 		HttpSession session = request.getSession();
 		Object signedData = session.getAttribute(PDF_SIGNED_DATA_CREATED);
 		if (signedData == null) {
+			logger.warn("Cannot find signed data created timestamp in session.");
 			return true;
 		}
 
@@ -1157,7 +1158,10 @@ public class PdfAsHelper {
 
 			long validUntil = created + 300000;
 
-			return validUntil > now;
+			logger.warn("Signed data is expired valid until {} now {}",
+					validUntil, now);
+
+			return validUntil < now;
 		}
 		logger.warn("PDF_SIGNED_DATA_CREATED in session is not a long type!");
 		return true;
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java
index 67b242d0..0cee185a 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java
@@ -59,6 +59,7 @@ public class JSONAPIServlet extends HttpServlet {
         if(!WebConfiguration.isJSONAPIEnabled()) {
             logger.info("Access to JSON API, but JSON API is disabled. Returning 404 error.");
             resp.sendError(404);
+            return;
         }
 
         String jsonString = IOUtils.toString(req.getInputStream(), "UTF-8");