better docs, implemented cron to remove expired authentication tokens from the database

README

@@ -38,6 +38,14 @@ INSTALLATION
 CONFIGURATION
 -------------
 
+The islandora_drupal_filter passes the username of 'anonymous' through to 
+Fedora for unauthenticated Drupal Users.  A user with the name of 'anonymous'
+may have XACML policies applied to them that are meant to be applied to Drupal
+users that are not logged in or vice-versa.  This is a potential security issue
+that can be plugged by creating a user named 'anonymous' and restricting access
+to the account.
+
+Drupal's cron will can be ran to remove expired authentication tokens.
 
 CUSTOMIZATION
 -------------

includes/islandora_authtokens.inc

@@ -110,3 +110,13 @@ function islandora_validate_object_token($pid, $dsid, $token) {
     return FALSE;
   }
 }
+
+/**
+ * Will remove any expired authentication tokens.
+ */
+function islandora_remove_expired_tokens() {
+  $time = time();
+  db_delete("islandora_authtokens")
+    ->condition('time', $time - TOKEN_TIMEOUT, '<')
+    ->execute();
+}

islandora.module

@@ -872,3 +872,13 @@ function islandora_post_delete_datastream(FedoraObject $object, $datastream_id)
     module_invoke_all($hook, $object, $datastream_id);
   }
 }
+
+/**
+ * Implements hook_cron()
+ * 
+ * Removes expired authentication tokens.
+ */
+function islandora_cron() {
+  module_load_include('inc', 'islandora', 'includes/islandora_authtokens');
+  islandora_remove_expired_tokens();
+}