diff --git a/src/main/java/caosdb/server/accessControl/SelfValidatingAuthenticationToken.java b/src/main/java/caosdb/server/accessControl/SelfValidatingAuthenticationToken.java
index 8a3ccb755b39aa73511107386a529c4d08fafb2f..119a86248b83a472df0d2981db43d9a6cc1962f0 100644
--- a/src/main/java/caosdb/server/accessControl/SelfValidatingAuthenticationToken.java
+++ b/src/main/java/caosdb/server/accessControl/SelfValidatingAuthenticationToken.java
@@ -147,12 +147,13 @@ public abstract class SelfValidatingAuthenticationToken extends Principal
@Override
public abstract String toString();
- /** Implementation specific version of a peppered checksum.
+ /**
+ * Implementation specific version of a peppered checksum.
*
- * For secure opration, implementing classes must make sure that the pepper is actually used in
- * calculating the checksum and that the checksum can not be used to infer information about the
- * pepper. This can be achieved for example by using the {@link calcChecksum(final Object... fields)}
- * method.
+ * <p>For secure operation, implementing classes must make sure that the pepper is actually used
+ * in calculating the checksum and that the checksum can not be used to infer information about
+ * the pepper. This can be achieved for example by using the {@link calcChecksum(final Object...
+ * fields)} method.
*/
public abstract String calcChecksum(String pepper);
diff --git a/src/test/java/caosdb/server/authentication/AuthTokenTest.java b/src/test/java/caosdb/server/authentication/AuthTokenTest.java
index 7fb22fe96fb6d8140a9834d5cc2061d48bb8d637..17371c527fb6f68ba3b21853a23a656cf20abc27 100644
--- a/src/test/java/caosdb/server/authentication/AuthTokenTest.java
+++ b/src/test/java/caosdb/server/authentication/AuthTokenTest.java
@@ -125,15 +125,21 @@ public class AuthTokenTest {
Assert.assertTrue(t6.isHashValid());
Assert.assertFalse(t6.isValid());
- Assert.assertEquals(t1.toString(), SessionToken.parse(t1.toString()).toString());
- Assert.assertEquals(t3.toString(), SessionToken.parse(t3.toString()).toString());
- Assert.assertEquals(t5.toString(), SessionToken.parse(t5.toString()).toString());
- Assert.assertEquals(t6.toString(), SessionToken.parse(t6.toString()).toString());
-
- Assert.assertFalse(SessionToken.parse(t1.toString()).isHashValid());
- Assert.assertTrue(SessionToken.parse(t3.toString()).isHashValid());
- Assert.assertTrue(SessionToken.parse(t5.toString()).isHashValid());
- Assert.assertTrue(SessionToken.parse(t6.toString()).isHashValid());
+ // All tokens can be successfully parsed back.
+ final SelfValidatingAuthenticationToken t1p = SessionToken.parse(t1.toString());
+ final SelfValidatingAuthenticationToken t3p = SessionToken.parse(t3.toString());
+ final SelfValidatingAuthenticationToken t5p = SessionToken.parse(t5.toString());
+ final SelfValidatingAuthenticationToken t6p = SessionToken.parse(t6.toString());
+ Assert.assertEquals(t1.toString(), t1p.toString());
+ Assert.assertEquals(t3.toString(), t3p.toString());
+ Assert.assertEquals(t5.toString(), t5p.toString());
+ Assert.assertEquals(t6.toString(), t6p.toString());
+
+ // ... and parsed tokens have the correct hash validation
+ Assert.assertFalse(t1p.isHashValid());
+ Assert.assertTrue(t3p.isHashValid());
+ Assert.assertTrue(t5p.isHashValid());
+ Assert.assertTrue(t6p.isHashValid());
Assert.assertFalse(
AuthenticationUtils.parseSessionTokenCookie(
@@ -167,12 +173,13 @@ public class AuthTokenTest {
Assert.assertTrue(t1.isValid());
String serialized = t1.toString();
- SelfValidatingAuthenticationToken parsed = OneTimeAuthenticationToken.parse(serialized);
+ OneTimeAuthenticationToken parsed =
+ (OneTimeAuthenticationToken) OneTimeAuthenticationToken.parse(serialized);
Assert.assertEquals(t1, parsed);
Assert.assertEquals(serialized, parsed.toString());
- Assert.assertEquals(1L, t1.getMaxReplays());
+ Assert.assertEquals(1L, parsed.getMaxReplays());
Assert.assertFalse(parsed.isExpired());
Assert.assertTrue(parsed.isHashValid());
Assert.assertTrue(parsed.isValid());