Implement a fail safe way to ensure the system clock has advanced enough to ensure the time has changed

This can later be refactored to using a TimeService with manual advancement, as to not have delays

Author: fhanik

uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java

@@ -47,6 +47,7 @@
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
 import org.cloudfoundry.identity.uaa.util.AlphanumericRandomValueStringGenerator;
+import org.cloudfoundry.identity.uaa.util.TimeService;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.cloudfoundry.identity.uaa.util.SessionUtils;
 import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils.ZoneResolutionMode;
@@ -1023,25 +1024,40 @@ void clientIdentityProviderWithoutAllowedProvidersForPasswordGrantWorksInOtherZo
 
     @Test
     void getToken_withPasswordGrantType_resultsInUserLastLogonTimestampUpdate() throws Exception {
-        long delayTime = 15;
+        TimeService timeService = webApplicationContext.getBean(TimeService.class);
+        long delayTime = 2;
         String username = "testuser" + generator.generate();
         String userScopes = "uaa.user";
         ScimUser user = setUpUser(jdbcScimUserProvisioning, jdbcScimGroupMembershipManager, jdbcScimGroupProvisioning, username, userScopes, OriginKeys.UAA, IdentityZone.getUaaZoneId());
         webApplicationContext.getBean(UaaUserDatabase.class).updateLastLogonTime(user.getId());
         webApplicationContext.getBean(UaaUserDatabase.class).updateLastLogonTime(user.getId());
-
+        // On a fast processor there isn't enough granularity in the time; ensure the clock has moved
+        // before each password grant so we get distinct last-logon timestamps. Only sleep when needed.
+        // Use the same TimeService as production so we observe the same clock.
+        long afterSetup = timeService.getCurrentTimeMillis();
+        ensureClockMoved(timeService, afterSetup, delayTime);
         String accessToken = getAccessTokenForPasswordGrant(username);
         Long firstTimestamp = getPreviousLogonTime(accessToken);
-        //simulate two sequential tests
-        //on a fast processor, there isn't enough granularity in the time
-        Thread.sleep(delayTime);
+        long afterFirstGrant = timeService.getCurrentTimeMillis();
+        ensureClockMoved(timeService, afterFirstGrant, delayTime);
         String accessToken2 = getAccessTokenForPasswordGrant(username);
         Long secondTimestamp = getPreviousLogonTime(accessToken2);
 
         assertThat(secondTimestamp).isNotEqualTo(firstTimestamp);
         assertThat(firstTimestamp).isLessThan(secondTimestamp);
     }
 
+    /**
+     * Waits until the application's {@link TimeService} clock has advanced past {@code notBefore}.
+     * Only sleeps when the clock has not yet moved, so fast runs avoid unnecessary delay.
+     * Uses the same TimeService as production (e.g. last-logon updates) so we observe the same clock.
+     */
+    private void ensureClockMoved(TimeService timeService, long notBefore, long sleepMs) throws InterruptedException {
+        while (timeService.getCurrentTimeMillis() <= notBefore) {
+            Thread.sleep(sleepMs);
+        }
+    }
+
     private String getAccessTokenForPasswordGrant(String username) throws Exception {
         String response = mockMvc.perform(
                         post("/oauth/token")