Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '7.0.x'

Browse Source
This commit is contained in:
Joe Grandja
2026-04-07 15:47:01 -04:00
parent 1e979d6f52 41524880c6
commit 3008848158
4 changed files with 39 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java
+16 -1
View File
@@ -26,6 +26,8 @@ import java.util.UUID;
import org.jspecify.annotations.Nullable;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.FactorGrantedAuthority;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
@@ -142,7 +144,7 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
SessionInformation sessionInformation = context.get(SessionInformation.class);
if (sessionInformation != null) {
claimsBuilder.claim("sid", sessionInformation.getSessionId());
claimsBuilder.claim(IdTokenClaimNames.AUTH_TIME, sessionInformation.getLastRequest());
claimsBuilder.claim(IdTokenClaimNames.AUTH_TIME, getAuthenticationTime(context.getPrincipal()));
}
}
else if (AuthorizationGrantType.REFRESH_TOKEN.equals(authorizationGrantType)) {
@@ -229,4 +231,17 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
this.clock = clock;
}
static Date getAuthenticationTime(Authentication authentication) {
Instant authenticationTime = null;
for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
if (grantedAuthority instanceof FactorGrantedAuthority factorGrantedAuthority) {
if (authenticationTime == null || factorGrantedAuthority.getIssuedAt().isAfter(authenticationTime)) {
authenticationTime = factorGrantedAuthority.getIssuedAt();
}
}
}
Assert.notNull(authenticationTime, "authenticationTime cannot be null");
return Date.from(authenticationTime);
}
}
oauth2/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/TestOAuth2Authorizations.java
+7 -2
View File
@@ -24,6 +24,9 @@ import java.util.HashMap;
import java.util.Map;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.FactorGrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
@@ -85,6 +88,9 @@ public final class TestOAuth2Authorizations {
.additionalParameters(authorizationRequestAdditionalParameters)
.state("state")
.build();
Authentication principal = new TestingAuthenticationToken("principal", null,
new SimpleGrantedAuthority("ROLE_A"), new SimpleGrantedAuthority("ROLE_B"),
FactorGrantedAuthority.fromAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY));
OAuth2Authorization.Builder builder = OAuth2Authorization.withRegisteredClient(registeredClient)
.id("id")
.principalName("principal")
@@ -93,8 +99,7 @@ public final class TestOAuth2Authorizations {
.token(authorizationCode)
.attribute(OAuth2ParameterNames.STATE, "consent-state")
.attribute(OAuth2AuthorizationRequest.class.getName(), authorizationRequest)
.attribute(Principal.class.getName(),
new TestingAuthenticationToken("principal", null, "ROLE_A", "ROLE_B"));
.attribute(Principal.class.getName(), principal);
if (accessToken != null) {
OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", Instant.now(),
Instant.now().plus(1, ChronoUnit.HOURS));
oauth2/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java
+1 -1
View File
@@ -363,7 +363,7 @@ public class JwtGeneratorTests {
SessionInformation sessionInformation = tokenContext.get(SessionInformation.class);
assertThat(jwtClaimsSet.<String>getClaim("sid")).isEqualTo(sessionInformation.getSessionId());
assertThat(jwtClaimsSet.<Date>getClaim(IdTokenClaimNames.AUTH_TIME))
.isEqualTo(sessionInformation.getLastRequest());
.isEqualTo(JwtGenerator.getAuthenticationTime(tokenContext.getPrincipal()));
}
else if (tokenContext.getAuthorizationGrantType().equals(AuthorizationGrantType.REFRESH_TOKEN)) {
OidcIdToken currentIdToken = tokenContext.getAuthorization().getToken(OidcIdToken.class).getToken();