Update OAuth 2.0 Client Testing Docs

Issue gh-8603
Josh Cummings 2020-05-27 16:22:58 -06:00
parent 42a8635cde
commit da05543ef6
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
2 changed files with 8 additions and 36 deletions

@ -218,7 +218,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC
Spring Security does the necessary work to make sure that the `OidcUser` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>. Spring Security does the necessary work to make sure that the `OidcUser` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>.
Further, it also links that `OidcUser` to a simple instance of `OAuth2AuthorizedClient` that it deposits into an `WebSessionOAuth2ServerAuthorizedClientRepository`. Further, it also links that `OidcUser` to a simple instance of `OAuth2AuthorizedClient` that it deposits into a mock `ServerOAuth2AuthorizedClientRepository`.
This can be handy if your tests <<webflux-testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>.. This can be handy if your tests <<webflux-testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>..
[[webflux-testing-oidc-login-authorities]] [[webflux-testing-oidc-login-authorities]]
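Review bot: The context line right after the changed sentence still ends in a double period (`annotation>>..`). Since this paragraph is being edited anyway, drop the extra `.` in the same commit so the rendered text does not show "annotation..".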
@ -339,7 +339,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC
Spring Security does the necessary work to make sure that the `OAuth2User` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>. Spring Security does the necessary work to make sure that the `OAuth2User` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>.
Further, it also links that `OAuth2User` to a simple instance of `OAuth2AuthorizedClient` that it deposits in an `WebSessionOAuth2ServerAuthorizedClientRepository`. Further, it also links that `OAuth2User` to a simple instance of `OAuth2AuthorizedClient` that it deposits in a mock `ServerOAuth2AuthorizedClientRepository`.
This can be handy if your tests <<webflux-testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>. This can be handy if your tests <<webflux-testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>.
[[webflux-testing-oauth2-login-authorities]] [[webflux-testing-oauth2-login-authorities]]
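Review bot: The changed sentence here says "deposits in a mock `ServerOAuth2AuthorizedClientRepository`", while the otherwise identical OIDC paragraph earlier in this file says "deposits into a mock". Pick one preposition ("into" reads better) so the two sections stay word-for-word parallel.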
@ -431,7 +431,7 @@ public Mono<String> foo(@RegisteredOAuth2AuthorizedClient("my-app") OAuth2Author
---- ----
Simulating this handshake with the authorization server could be cumbersome. Simulating this handshake with the authorization server could be cumbersome.
Instead, you can use `SecurityMockServerConfigurers#oauth2Client` to add a `OAuth2AuthorizedClient` into an `WebSessionOAuth2ServerAuthorizedClientRepository`: Instead, you can use `SecurityMockServerConfigurers#oauth2Client` to add a `OAuth2AuthorizedClient` into a mock `ServerOAuth2AuthorizedClientRepository`:
[source,java] [source,java]
---- ----
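Review bot: The rewritten sentence keeps "to add a `OAuth2AuthorizedClient`", which should be "an `OAuth2AuthorizedClient`". The commit already corrects "an `WebSession...`" to "a mock" in the same sentence, so fix both articles together.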
@ -440,19 +440,6 @@ client
.get().uri("/endpoint").exchange(); .get().uri("/endpoint").exchange();
---- ----
If your application isn't already using an `WebSessionOAuth2ServerAuthorizedClientRepository`, then you can supply one as a `@TestConfiguration`:
[source,java]
----
@TestConfiguration
static class AuthorizedClientConfig {
@Bean
OAuth2ServerAuthorizedClientRepository authorizedClientRepository() {
return new WebSessionOAuth2ServerAuthorizedClientRepository();
}
}
----
What this will do is create an `OAuth2AuthorizedClient` that has a simple `ClientRegistration`, `OAuth2AccessToken`, and resource owner name. What this will do is create an `OAuth2AuthorizedClient` that has a simple `ClientRegistration`, `OAuth2AccessToken`, and resource owner name.
Specifically, it will include a `ClientRegistration` with a client id of "test-client" and client secret of "test-secret": Specifically, it will include a `ClientRegistration` with a client id of "test-client" and client secret of "test-secret":
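Review bot: With the `@TestConfiguration` paragraph removed, the page no longer says how the mock `ServerOAuth2AuthorizedClientRepository` relates to a repository bean the application itself defines. Add one sentence after the `client ... exchange()` snippet stating whether the mock replaces the application's repository for the duration of the test, so readers know the authorized client is not coming from their real configuration. Side note: the removed snippet declared the return type as `OAuth2ServerAuthorizedClientRepository`, which does not match the `ServerOAuth2AuthorizedClientRepository` name used in the new text, so dropping it also removes that inconsistency.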
@ -478,8 +465,7 @@ assertThat(authorizedClient.getAccessToken().getScopes()).hasSize(1);
assertThat(authorizedClient.getAccessToken().getScopes()).containsExactly("read"); assertThat(authorizedClient.getAccessToken().getScopes()).containsExactly("read");
---- ----
Spring Security does the necessary work to make sure that the `OAuth2AuthorizedClient` instance is available in the associated `HttpSession`. The client can then be retrieved as normal using `@RegisteredOAuth2AuthorizedClient` in a controller method.
That means that it can be retrieved from an `WebSessionOAuth2ServerAuthorizedClientRepository`.
[[webflux-testing-oauth2-client-scopes]] [[webflux-testing-oauth2-client-scopes]]
==== Configuring Scopes ==== Configuring Scopes
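Review bot: "The client can then be retrieved as normal" in the new sentence is vague and, unlike the other paragraphs in this file, carries no cross-reference. Link it the same way the login sections do, for example `<<webflux-testing-oauth2-client,...>>`, or say explicitly that the argument resolver for `@RegisteredOAuth2AuthorizedClient` reads from the mock repository.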

@ -309,7 +309,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC
Spring Security does the necessary work to make sure that the `OidcUser` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>. Spring Security does the necessary work to make sure that the `OidcUser` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>.
Further, it also links that `OidcUser` to a simple instance of `OAuth2AuthorizedClient` that it deposits into an `HttpSessionOAuth2AuthorizedClientRepository`. Further, it also links that `OidcUser` to a simple instance of `OAuth2AuthorizedClient` that it deposits into an mock `OAuth2AuthorizedClientRepository`.
This can be handy if your tests <<testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>.. This can be handy if your tests <<testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>..
[[testing-oidc-login-authorities]] [[testing-oidc-login-authorities]]
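Review bot: The new text reads "deposits into an mock `OAuth2AuthorizedClientRepository`"; the article should be "a mock". The following context line also still ends in `annotation>>..` with a doubled period, which can be cleaned up in the same change.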
@ -432,7 +432,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC
Spring Security does the necessary work to make sure that the `OAuth2User` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>. Spring Security does the necessary work to make sure that the `OAuth2User` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>.
Further, it also links that `OAuth2User` to a simple instance of `OAuth2AuthorizedClient` that it deposits in an `HttpSessionOAuth2AuthorizedClientRepository`. Further, it also links that `OAuth2User` to a simple instance of `OAuth2AuthorizedClient` that it deposits in a mock `OAuth2AuthorizedClientRepository`.
This can be handy if your tests <<testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>. This can be handy if your tests <<testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>.
[[testing-oauth2-login-authorities]] [[testing-oauth2-login-authorities]]
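Review bot: This paragraph says "deposits in a mock" while the OIDC paragraph in the same file says "deposits into". Use the same wording in both so the sections read consistently.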
@ -528,7 +528,7 @@ public String foo(@RegisteredOAuth2AuthorizedClient("my-app") OAuth2AuthorizedCl
---- ----
Simulating this handshake with the authorization server could be cumbersome. Simulating this handshake with the authorization server could be cumbersome.
Instead, you can use `SecurityMockMvcRequestPostProcessor#oauth2Client` to add a `OAuth2AuthorizedClient` into an `HttpSessionOAuth2AuthorizedClientRepository`: Instead, you can use `SecurityMockMvcRequestPostProcessor#oauth2Client` to add a `OAuth2AuthorizedClient` into a mock `OAuth2AuthorizedClientRepository`:
[source,java] [source,java]
---- ----
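Review bot: The changed sentence refers to `SecurityMockMvcRequestPostProcessor#oauth2Client` in the singular, whereas the WebFlux counterpart in this commit uses the plural `SecurityMockServerConfigurers`. Check the class name; it should read `SecurityMockMvcRequestPostProcessors#oauth2Client`. The same sentence also keeps "a `OAuth2AuthorizedClient`", which should be "an".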
@ -536,19 +536,6 @@ mvc
.perform(get("/endpoint").with(oauth2Client("my-app"))); .perform(get("/endpoint").with(oauth2Client("my-app")));
---- ----
If your application isn't already using an `HttpSessionOAuth2AuthorizedClientRepository`, then you can supply one as a `@TestConfiguration`:
[source,java]
----
@TestConfiguration
static class AuthorizedClientConfig {
@Bean
OAuth2AuthorizedClientRepository authorizedClientRepository() {
return new HttpSessionOAuth2AuthorizedClientRepository();
}
}
----
What this will do is create an `OAuth2AuthorizedClient` that has a simple `ClientRegistration`, `OAuth2AccessToken`, and resource owner name. What this will do is create an `OAuth2AuthorizedClient` that has a simple `ClientRegistration`, `OAuth2AccessToken`, and resource owner name.
Specifically, it will include a `ClientRegistration` with a client id of "test-client" and client secret of "test-secret": Specifically, it will include a `ClientRegistration` with a client id of "test-client" and client secret of "test-secret":
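Review bot: Readers who followed the earlier docs will have an `AuthorizedClientConfig` that registers `HttpSessionOAuth2AuthorizedClientRepository` in their tests, and the removal here gives them no hint about what to do with it. Consider a short sentence after the `mvc.perform(...)` snippet saying that `oauth2Client` now supplies its own mock `OAuth2AuthorizedClientRepository` and that the extra test configuration is no longer required.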
@ -574,8 +561,7 @@ assertThat(authorizedClient.getAccessToken().getScopes()).hasSize(1);
assertThat(authorizedClient.getAccessToken().getScopes()).containsExactly("read"); assertThat(authorizedClient.getAccessToken().getScopes()).containsExactly("read");
---- ----
Spring Security does the necessary work to make sure that the `OAuth2AuthorizedClient` instance is available in the associated `HttpSession`. The client can then be retrieved as normal using `@RegisteredOAuth2AuthorizedClient` in a controller method.
That means that it can be retrieved from an `HttpSessionOAuth2AuthorizedClientRepository`.
[[testing-oauth2-client-scopes]] [[testing-oauth2-client-scopes]]
===== Configuring Scopes ===== Configuring Scopes
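Review bot: The replacement sentence only covers retrieval through `@RegisteredOAuth2AuthorizedClient` in a controller method, while the removed text described retrieval from the repository itself. State whether application code that looks the client up through an injected `OAuth2AuthorizedClientRepository` also sees the mock client, since tests for such code would otherwise fail without explanation.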