From 2a013ffaa25c43e7977f4c80a97d7c73d4ac4a7a Mon Sep 17 00:00:00 2001
From: wonderfulrosemari <whwlsgur1419@naver.com>
Date: Sat, 28 Feb 2026 01:19:48 +0900
Subject: [PATCH] Clarify @WithSecurityContext thread scope

Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
---
 docs/modules/ROOT/pages/servlet/test/method.adoc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/modules/ROOT/pages/servlet/test/method.adoc b/docs/modules/ROOT/pages/servlet/test/method.adoc
index d5195426ce..99bbe9c739 100644
--- a/docs/modules/ROOT/pages/servlet/test/method.adoc
+++ b/docs/modules/ROOT/pages/servlet/test/method.adoc
@@ -184,6 +184,13 @@ You can change this to happen during the `TestExecutionListener.beforeTestExecut
 @WithSecurityContext(setupBefore = TestExecutionEvent.TEST_EXECUTION)
 ----
 
+[NOTE]
+====
+`@WithMockUser`, `@WithUserDetails`, and `@WithSecurityContext` populate the xref:servlet/authentication/architecture.adoc#servlet-authentication-securitycontextholder[`SecurityContextHolder`] for the test thread.
+This works for method-security tests and for xref:servlet/test/mockmvc/index.adoc[`MockMvc`] (when using `testSecurityContext()`), but does not automatically apply to full HTTP requests made through external clients (for example, REST-assured against a running server), because those requests are handled on a different thread.
+For end-to-end HTTP tests, xref:servlet/authentication/index.adoc[authenticate] the request itself (for example, with HTTP Basic or a bearer token).
+====
+
 
 [[test-method-meta-annotations]]
 == Test Meta Annotations