Pull request for release. This adds transaction cleanup and unused cl…

…ient cleanup plus a small tweak to toe QDL policies file and addresses

#12
#13
https://jira.ncsa.illinois.edu/browse/CIL-1772

scitokens-server/etc/server-config.xml.tmpl

@@ -9,6 +9,7 @@
              refreshTokenEnabled="true"
              enableTokenExchange="true"
              clientSecretLength="24"
+             cleanupInterval= "60 min"
              scheme="oa4mp"
              schemeSpecificPart=""
              debug="trace"
@@ -17,6 +18,14 @@
              issuer="https://{HOSTNAME}/scitokens-server"
              address="https://{HOSTNAME}/scitokens-server">
 
+        <unusedClientCleanup gracePeriod="6 hr"
+                             deleteVersions="false"
+                             enabled="true"
+                             interval="4 hr">
+          <whitelist>
+             <clientID>localhost:template</clientID>
+          </whitelist>
+        </unusedClientCleanup>
         <logging
                 logFileName="/dev/stdout"
                 logName="scitokens-server"

scitokens-server/var/qdl/scitokens/policies.qdl

@@ -2,6 +2,9 @@
    Basic script to fetch the capabilities for a user (by eppn here) and
    put it in the scopes for the access token.
 */
+ jload('edu.uiuc.ncsa.myproxy.oa4mp.qdl.claims.OA2Module');
+ jload('edu.uiuc.ncsa.myproxy.oa4mp.qdl.acl.AccessControlModule')
+
 define[
    stAud(x.)
  ][
@@ -17,7 +20,6 @@ define[
    /* Uncomment next two lines if you want to enable default user support */
    cfg.use_default := true;
  cfg.default_claim := 'default_claim';
-
    // Snarf up the exactly the EPE from the claims using the subject.
               eta. := get_claims(create_source(cfg.), claims.'sub');