Skip to content

Add TimestampedGrantedAuthority for time-based authorization #17867

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add TimestampedGrantedAuthority for time-based authorization #17867

wants to merge 1 commit into from
+345 −0

Conversation

yybmion
Copy link
Contributor

@yybmion yybmion commented Sep 10, 2025
edited
Loading

Adds TimestampedGrantedAuthority to support time-based authorization rules as described in #17864 .

Changes

  • New TimestampedGrantedAuthority class implementing GrantedAuthority
  • Builder pattern with temporal fields: issuedAt, notBefore, expiresAt
  • Add serialization sample and generated .serialized file
  • Comprehensive test coverage

Usage

// Authority that expires after 5 minutes
GrantedAuthority authority = TimestampedGrantedAuthority
    .withAuthority("profile:read")
    .expiresAt(Instant.now().plusSeconds(300))
    .build();

Fixes #17864

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Sep 10, 2025
@yybmion
Copy link
Contributor Author

yybmion commented Sep 10, 2025
edited
Loading

I think the build failure appears to be related to serialization tests(SpringSecurityCoreVersionSerializableTests) - TimestampedGrantedAuthority is a new class without existing serialized files from previous versions. How should this be handled?

@jzheaux
Copy link
Contributor

jzheaux commented Sep 11, 2025

@yybmion thanks for the PR and for double-checking regarding serialization. Can you please add the following to the PR:

  1. Favor a random value for the serialization id
  2. Add a sample construction to SerializationSamples
  3. Enable the test SpringSecurityCoreVersionSerializableTests#serializeCurrentVersionClasses and run it. This will generate the needed file.
  4. Re-disable the test

In the end, there should be three file changes in your PR: The new authority implementation, a .serialized file, and SerializationSamples.

@jzheaux jzheaux self-assigned this Sep 11, 2025
@jzheaux jzheaux added in: core An issue in spring-security-core type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Sep 11, 2025
@jzheaux jzheaux added this to the 7.0.0-M3 milestone Sep 11, 2025
@yybmion
Add TimestampedGrantedAuthority for time-based authorization
8f64ab9 
- Implement GrantedAuthority with temporal constraints (issuedAt, notBefore, expiresAt)
- Use Builder pattern for flexible construction
- Default issuedAt to Instant.now() when not specified
- Add serialization sample and generated .serialized file
- Add comprehensive tests

Closes spring-projectsgh-17864

Signed-off-by: yybmion <[email protected]>
@yybmion
Copy link
Contributor Author

yybmion commented Sep 11, 2025

Thanks for the guidance @jzheaux. I’ve added the .serialized file and pushed the changes.

@jzheaux jzheaux modified the milestones: 7.0.0-M3, 7.0.0-RC1 Sep 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jzheaux jzheaux

Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Projects
None yet
Milestone
7.0.0-RC1
Development

Successfully merging this pull request may close these issues.

Add Timestamped GrantedAuthority
3 participants
@yybmion @jzheaux @spring-projects-issues