diff --git a/oap-ws-sso-api/src/main/java/oap/ws/sso/JwtTokenGenerator.java b/oap-ws-sso-api/src/main/java/oap/ws/sso/JwtTokenGenerator.java
index ebe7a27d..08d8f8cc 100644
--- a/oap-ws-sso-api/src/main/java/oap/ws/sso/JwtTokenGenerator.java
+++ b/oap-ws-sso-api/src/main/java/oap/ws/sso/JwtTokenGenerator.java
@@ -54,7 +54,7 @@ public Pair generateAccessToken( User user ) throws JWTCreationExc
 .withClaim( "user", user.getEmail() )
 .withClaim( "roles", user.getRoles() )
 .withIssuer( issuer )
- .withExpiresAt( new Date( System.currentTimeMillis() + accessSecretExpiration ) )
+ .withExpiresAt( expiresAt )
 .sign( algorithm ) );
 }
diff --git a/oap-ws-sso-api/src/main/java/oap/ws/sso/SSO.java b/oap-ws-sso-api/src/main/java/oap/ws/sso/SSO.java
index d8c15882..e8015083 100644
--- a/oap-ws-sso-api/src/main/java/oap/ws/sso/SSO.java
+++ b/oap-ws-sso-api/src/main/java/oap/ws/sso/SSO.java
@@ -32,6 +32,7 @@ import javax.annotation.Nullable;
+import java.time.Instant;
 import java.util.Date;
 import java.util.Objects;
@@ -75,7 +76,7 @@ public static Response authenticatedResponse( Authentication authentication, Str
 }
 private static DateTime getExpirationTimeCookie( Date expirationInToken, long cookieExpiration ) {
- return new DateTime( UTC ).plus( expirationInToken != null ? expirationInToken.getTime() : cookieExpiration );
+ return expirationInToken != null ? new DateTime( expirationInToken ) : new DateTime( cookieExpiration );
 }
 public static Response logoutResponse( String cookieDomain ) {
diff --git a/oap-ws-sso-api/src/test/java/oap/ws/sso/JwtTokenGeneratorExtractorTest.java b/oap-ws-sso-api/src/test/java/oap/ws/sso/JwtTokenGeneratorExtractorTest.java
index 398c13e3..0bbc9974 100644
--- a/oap-ws-sso-api/src/test/java/oap/ws/sso/JwtTokenGeneratorExtractorTest.java
+++ b/oap-ws-sso-api/src/test/java/oap/ws/sso/JwtTokenGeneratorExtractorTest.java
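Review bot: The fallback branch of `getExpirationTimeCookie` now reads `cookieExpiration` as an absolute epoch instant, `new DateTime( cookieExpiration )`, whereas the removed line added it to the current time as an offset; if callers still pass a lifetime in milliseconds, the cookie expiry lands in 1970 and the browser discards the cookie at once, so the session is lost whenever no token expiry is supplied. The first branch correctly pins the cookie to the token's expiry, which keeps cookie and token lifetimes aligned, but it drops the explicit `UTC` chronology the removed line used. I would write `return expirationInToken != null` / `? new DateTime( expirationInToken, UTC )` / `: new DateTime( UTC ).plus( cookieExpiration );`. The `+import java.time.Instant;` added in the preceding hunk of this file is not used by any line visible here; unless another part of SSO.java references it, it is an unused import.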
@@ -25,8 +25,12 @@ package oap.ws.sso;
 import oap.util.Pair;
+import org.joda.time.DateTime;
 import org.testng.annotations.Test;
+import java.time.Duration;
+import java.time.temporal.*;
+import java.time.Instant;
 import java.util.Date;
 import java.util.Set;
@@ -38,7 +42,7 @@ public class JwtTokenGeneratorExtractorTest extends AbstractUserTest {
- private final JwtTokenGenerator jwtTokenGenerator = new JwtTokenGenerator( "secret", "secret", "issuer", 100000, 100000 );
+ private final JwtTokenGenerator jwtTokenGenerator = new JwtTokenGenerator( "secret", "secret", "issuer", 15 * 60 * 1000, 15 * 60 * 1000 * 24 );
 private final JWTExtractor jwtExtractor = new JWTExtractor( "secret", "issuer", new SecurityRoles( new TestSecurityRolesProvider() ) );
 @Test
@@ -46,6 +50,9 @@ public void generateAndExtractToken() {
 final Pair token = jwtTokenGenerator.generateAccessToken( new TestUser( "email@email.com", "password", Pair.of( "org1", "ADMIN" ) ) );
 assertNotNull( token._1 );
 assertString( token._2 ).isNotEmpty();
+ Instant expirationTime = token._1.toInstant().truncatedTo( ChronoUnit.MINUTES );
+ Instant expectedExpirationTime = ( Instant.now().plus( Duration.ofMinutes( 15 ) ).truncatedTo( ChronoUnit.MINUTES ) );
+ assertTrue( ( expirationTime.compareTo( expectedExpirationTime ) ) == 0 );
 assertTrue( jwtExtractor.verifyToken( token._2 ) );
 assertEquals( jwtExtractor.getUserEmail( token._2 ), "email@email.com" );
 assertEquals( jwtExtractor.getPermissions( token._2, "org1" ), Set.of( "accounts:list", "accounts:create" ) );
diff --git a/pom.xml b/pom.xml
index 2e027405..2d241ce3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -71,7 +71,7 @@
- 21.1.1
+ 21.1.2
 21.1.0
 21.0.0
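Review bot: `import java.time.temporal.*;` is a wildcard import while the changed test code only uses `ChronoUnit`; every other import in this hunk names a single type, so `import java.time.temporal.ChronoUnit;` keeps the file consistent and avoids pulling the rest of the package into scope. The added `import org.joda.time.DateTime;` is not referenced by any changed line visible in this file; if nothing else in the test uses it, it is an unused import.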
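Review bot: The new constructor arguments `15 * 60 * 1000, 15 * 60 * 1000 * 24` carry their unit only implicitly, and the fifth argument evaluates to 15 minutes × 24, i.e. 6 hours, which is easy to misread as 24 hours. Deriving both from `Duration` states intent and unit in one place: `Duration.ofMinutes( 15 ).toMillis(), Duration.ofHours( 6 ).toMillis()` (or `Duration.ofDays( 1 ).toMillis()` if a one-day lifetime was intended for the fifth argument). `java.time.Duration` is already imported by the first hunk of this file.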
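Review bot: The new expiry assertion depends on wall-clock alignment: both sides are truncated to the minute, so when the token is issued just before a minute boundary and `Instant.now()` is evaluated just after it, the truncated values differ by a full minute and the test fails spuriously. A tolerance check pins the 15-minute lifetime without that dependency, and `assertTrue( ... compareTo( ... ) == 0 )` hides both values on failure where a drift value would show them. I would replace the three added lines with `Instant expectedExpirationTime = Instant.now().plus( Duration.ofMinutes( 15 ) );` / `Duration drift = Duration.between( expectedExpirationTime, token._1.toInstant() ).abs();` / `assertTrue( drift.compareTo( Duration.ofSeconds( 5 ) ) < 0 );`. With that change `ChronoUnit` is no longer needed in this test.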