Update OAuth 2.0 Client Testing Docs

Issue gh-8603
6 years ago · da05543ef6
2 changed files with 8 additions and 36 deletions
--- a/docs/manual/src/docs/asciidoc/_includes/reactive/test.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/reactive/test.adoc
@ -218,7 +218,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC
				@@ -218,7 +218,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC

 Spring Security does the necessary work to make sure that the `OidcUser` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>.

-Further, it also links that `OidcUser` to a simple instance of `OAuth2AuthorizedClient` that it deposits into an `WebSessionOAuth2ServerAuthorizedClientRepository`.
+Further, it also links that `OidcUser` to a simple instance of `OAuth2AuthorizedClient` that it deposits into a mock `ServerOAuth2AuthorizedClientRepository`.
 This can be handy if your tests <<webflux-testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>..

 [[webflux-testing-oidc-login-authorities]]
@ -339,7 +339,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC
				@@ -339,7 +339,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC

 Spring Security does the necessary work to make sure that the `OAuth2User` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>.

-Further, it also links that `OAuth2User` to a simple instance of `OAuth2AuthorizedClient` that it deposits in an `WebSessionOAuth2ServerAuthorizedClientRepository`.
+Further, it also links that `OAuth2User` to a simple instance of `OAuth2AuthorizedClient` that it deposits in a mock `ServerOAuth2AuthorizedClientRepository`.
 This can be handy if your tests <<webflux-testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>.

 [[webflux-testing-oauth2-login-authorities]]
@ -431,7 +431,7 @@ public Mono<String> foo(@RegisteredOAuth2AuthorizedClient("my-app") OAuth2Author
				@@ -431,7 +431,7 @@ public Mono<String> foo(@RegisteredOAuth2AuthorizedClient("my-app") OAuth2Author
 ----

 Simulating this handshake with the authorization server could be cumbersome.
-Instead, you can use `SecurityMockServerConfigurers#oauth2Client` to add a `OAuth2AuthorizedClient` into an `WebSessionOAuth2ServerAuthorizedClientRepository`:
+Instead, you can use `SecurityMockServerConfigurers#oauth2Client` to add a `OAuth2AuthorizedClient` into a mock `ServerOAuth2AuthorizedClientRepository`:

 [source,java]
 ----
@ -440,19 +440,6 @@ client
				@@ -440,19 +440,6 @@ client
    .get().uri("/endpoint").exchange();
 ----

-If your application isn't already using an `WebSessionOAuth2ServerAuthorizedClientRepository`, then you can supply one as a `@TestConfiguration`:
-
-[source,java]
----
-@TestConfiguration
-static class AuthorizedClientConfig {
-    @Bean
-    OAuth2ServerAuthorizedClientRepository authorizedClientRepository() {
-        return new WebSessionOAuth2ServerAuthorizedClientRepository();
-    }
-}
----
-
 What this will do is create an `OAuth2AuthorizedClient` that has a simple `ClientRegistration`, `OAuth2AccessToken`, and resource owner name.

 Specifically, it will include a `ClientRegistration` with a client id of "test-client" and client secret of "test-secret":
@ -478,8 +465,7 @@ assertThat(authorizedClient.getAccessToken().getScopes()).hasSize(1);
				@@ -478,8 +465,7 @@ assertThat(authorizedClient.getAccessToken().getScopes()).hasSize(1);
 assertThat(authorizedClient.getAccessToken().getScopes()).containsExactly("read");
 ----

-Spring Security does the necessary work to make sure that the `OAuth2AuthorizedClient` instance is available in the associated `HttpSession`.
-That means that it can be retrieved from an `WebSessionOAuth2ServerAuthorizedClientRepository`.
+The client can then be retrieved as normal using `@RegisteredOAuth2AuthorizedClient` in a controller method.

 [[webflux-testing-oauth2-client-scopes]]
 ==== Configuring Scopes
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/test/mockmvc.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/test/mockmvc.adoc
@ -309,7 +309,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC
				@@ -309,7 +309,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC

 Spring Security does the necessary work to make sure that the `OidcUser` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>.

-Further, it also links that `OidcUser` to a simple instance of `OAuth2AuthorizedClient` that it deposits into an `HttpSessionOAuth2AuthorizedClientRepository`.
+Further, it also links that `OidcUser` to a simple instance of `OAuth2AuthorizedClient` that it deposits into an mock `OAuth2AuthorizedClientRepository`.
 This can be handy if your tests <<testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>..

 [[testing-oidc-login-authorities]]
@ -432,7 +432,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC
				@@ -432,7 +432,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC

 Spring Security does the necessary work to make sure that the `OAuth2User` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>.

-Further, it also links that `OAuth2User` to a simple instance of `OAuth2AuthorizedClient` that it deposits in an `HttpSessionOAuth2AuthorizedClientRepository`.
+Further, it also links that `OAuth2User` to a simple instance of `OAuth2AuthorizedClient` that it deposits in a mock `OAuth2AuthorizedClientRepository`.
 This can be handy if your tests <<testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>.

 [[testing-oauth2-login-authorities]]
@ -528,7 +528,7 @@ public String foo(@RegisteredOAuth2AuthorizedClient("my-app") OAuth2AuthorizedCl
				@@ -528,7 +528,7 @@ public String foo(@RegisteredOAuth2AuthorizedClient("my-app") OAuth2AuthorizedCl
 ----

 Simulating this handshake with the authorization server could be cumbersome.
-Instead, you can use `SecurityMockMvcRequestPostProcessor#oauth2Client` to add a `OAuth2AuthorizedClient` into an `HttpSessionOAuth2AuthorizedClientRepository`:
+Instead, you can use `SecurityMockMvcRequestPostProcessor#oauth2Client` to add a `OAuth2AuthorizedClient` into a mock `OAuth2AuthorizedClientRepository`:

 [source,java]
 ----
@ -536,19 +536,6 @@ mvc
				@@ -536,19 +536,6 @@ mvc
    .perform(get("/endpoint").with(oauth2Client("my-app")));
 ----

-If your application isn't already using an `HttpSessionOAuth2AuthorizedClientRepository`, then you can supply one as a `@TestConfiguration`:
-
-[source,java]
----
-@TestConfiguration
-static class AuthorizedClientConfig {
-    @Bean
-    OAuth2AuthorizedClientRepository authorizedClientRepository() {
-        return new HttpSessionOAuth2AuthorizedClientRepository();
-    }
-}
----
-
 What this will do is create an `OAuth2AuthorizedClient` that has a simple `ClientRegistration`, `OAuth2AccessToken`, and resource owner name.

 Specifically, it will include a `ClientRegistration` with a client id of "test-client" and client secret of "test-secret":
@ -574,8 +561,7 @@ assertThat(authorizedClient.getAccessToken().getScopes()).hasSize(1);
				@@ -574,8 +561,7 @@ assertThat(authorizedClient.getAccessToken().getScopes()).hasSize(1);
 assertThat(authorizedClient.getAccessToken().getScopes()).containsExactly("read");
 ----

-Spring Security does the necessary work to make sure that the `OAuth2AuthorizedClient` instance is available in the associated `HttpSession`.
-That means that it can be retrieved from an `HttpSessionOAuth2AuthorizedClientRepository`.
+The client can then be retrieved as normal using `@RegisteredOAuth2AuthorizedClient` in a controller method.

 [[testing-oauth2-client-scopes]]
 ===== Configuring Scopes