Align dat.uuid.max_number_per_user default with documented value

[officialasishkumar]

Fix #11907

Describe changes proposed in this pull request:

• Change the Spring @Value default for dat.uuid.max_number_per_user in UuidDataAccessTokenServiceImpl from -1 to 1, matching the value documented in Authenticating-Users-via-Tokens.md and security.properties-Reference.md.
• Add a regression test (UuidDataAccessTokenServiceImplDefaultsTest) that verifies the resolved value is 1 when the property is left unset.

The previous default of -1 produced an unusable configuration. UuidDataAccessTokenServiceImpl.createDataAccessToken performs getNumberOfTokensForUsername(username) >= maxNumberOfAccessTokens and then calls revokeOldestDataAccessTokenForUsername whenever the check passes. With maxNumberOfAccessTokens = -1 the inequality is satisfied for any non-negative count, including zero, so the very first token request for a user triggers a revoke against an empty token list and raises IndexOutOfBoundsException from allDataAccessTokens.get(0). Operators who deployed UUID tokens without explicitly setting the property were therefore broken in a way that did not match the docs (which state a default of 1 with permissible values "greater than zero"). Switching the default to 1 gives the "one outstanding token, replaced on new requests" behaviour the docs already promise.

Checks

• The commit log is comprehensible. It follows 7 rules of great commit messages. We can fix this during merge by using a squash+merge if necessary
• Has tests or has a separate issue that describes the types of test that should be created. If no test is included it should explicitly be mentioned in the PR why there is no test.
• Is this PR adding logic based on one or more clinical attributes? If yes, please make sure validation for this attribute is also present in the data validation / data loading layers (in backend repo) and documented in File-Formats Clinical data section! (n/a)
• Make sure your PR has one of the labels defined in https://github.com/cBioPortal/cbioportal/blob/master/.github/release-drafter.yml

Any screenshots or GIFs?

Not applicable — backend default value change.

Notify reviewers

Please use git blame and the normal review flow for UuidDataAccessTokenServiceImpl.java (most recent touches to the token service / token configuration). Related issue #11921 covers the analogous mismatch for dat.ttl_seconds and is already assigned, so it is intentionally left out of this PR.

[Copilot]

Pull request overview

This PR aligns the UUID data access token per-user default with the documented configuration value, fixing the mismatch described in #11907.

Changes:

• Updates dat.uuid.max_number_per_user default from -1 to 1.
• Adds a regression test verifying the default resolves to 1 when unset.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
src/main/java/org/cbioportal/legacy/service/impl/UuidDataAccessTokenServiceImpl.java	Changes the Spring @Value fallback for UUID token limit to 1.
src/test/java/org/cbioportal/legacy/service/impl/UuidDataAccessTokenServiceImplDefaultsTest.java	Adds coverage for the documented default value when the property is not configured.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud