MockServerWebExchange should allow setting a WebSession [SPR-16772]

[spring-projects-issues]

Rob Winch opened SPR-16772 and commented

I've run into a few testing situations that involve saving something in the WebSession and then trying to retrieve it. This is more complicated than necessary at the moment because MockServerWebExchange does not allow setting the WebSession It would be nice if the WebSession could just be set so that these scenarios could easily be tested.

---

Affects: 5.0.5

Referenced from: commits 15182b2, eef592d

[spring-projects-issues]

Rossen Stoyanchev commented

By more complicated you mean accessing the session and adding attributes to it? Do you have an example of this somewhere?

So far we've avoided the need for a builder in MockServerWebExchange somehow. By comparison the HttpWebHandlerAdapter which creates exchange instances at runtime has a number of properties. Potentially all of those could end up on such a builder.

[spring-projects-issues]

Rob Winch commented

The general problem is that Spring Security has an API that uses a MockServerWebExchange tries to save something in the WebSession. It then tries to save something else in the WebSession thus needs a new MockServerWebExchange but the same WebSession. An example based on my local code of how I am needing to work around the problem:

 

@Test
public void loadAuthorizationRequestWhenMultipleSavedThenAuthorizationRequest() {
	String oldState = "state0";
	MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/")
			.queryParam(OAuth2ParameterNames.STATE, oldState).build();

	OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
			.authorizationUri("https://example.com/oauth2/authorize")
			.clientId("client-id")
			.redirectUri("http://localhost/client-1")
			.state(oldState)
			.build();

	WebSessionManager sessionManager = e -> this.exchange.getSession();

	this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(), sessionManager,
			ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
	ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(), sessionManager,
			ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());

	Mono<OAuth2AuthorizationRequest> saveAndSaveAndLoad = this.repository.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
			.then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
			.then(this.repository.loadAuthorizationRequest(oldExchange));

	StepVerifier.create(saveAndSaveAndLoad)
			.expectNext(oldAuthorizationRequest)
			.verifyComplete();

	StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange))
			.expectNext(this.authorizationRequest)
			.verifyComplete();
}
 

[spring-projects-issues]

Rossen Stoyanchev commented

Okay, I was thinking a builder method that takes a WebSessionManager, but it sounds like providing a WebSession is all that you need?

[spring-projects-issues]

Rob Winch commented

  but it sounds like providing a WebSession is all that you need?

 

Being able to provide the WebSession and an easy way to create an instance of a WebSession (InMemoryWebSession is currently private) would be great!

[spring-projects-issues]

Rob Winch commented

Rossen Stoyanchev Thanks for adding the builder. Looking at the commit I didn't see any changes for how to create the WebSession. Is the preferred way to create a WebSession to inject into the builder using new InMemoryWebSessionStore().createWebSession() or is there a better way of doing it that I missed?

[spring-projects-issues]

Rossen Stoyanchev commented

Indeed, I forgot to comment on that part. InMemoryWebSession is private and depends on an instance of InMemoryWebSessionStore. I see no easy path to changing that arrangement.

If anything, for cases when WebSessionStore is stubbed, I considered a MockWebSession, but I'm not sure it's worth replicating the logic in InMemoryWebSession. In the end though using the factory method on InMemoryWebSessionStore like we do here doesn't seem so bad.

[spring-projects-issues]

Rob Winch commented

Rossen Stoyanchev It seems pretty difficult to find this mechanism for an average user. Perhaps the builder could be refactored a little to make it easier to use? Once idea is that the builder could have a factory method that delegates to new InMemoryWebSessionStore().createWebSession().

[spring-projects-issues]

Rossen Stoyanchev commented

I've added a MockWebSession which uses InMemoryWebSessionStore().createWebSession() internally.