New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MockServerWebExchange should allow setting a WebSession [SPR-16772] #21312
Comments
Rossen Stoyanchev commented By more complicated you mean accessing the session and adding attributes to it? Do you have an example of this somewhere? So far we've avoided the need for a builder in MockServerWebExchange somehow. By comparison the HttpWebHandlerAdapter which creates exchange instances at runtime has a number of properties. Potentially all of those could end up on such a builder. |
Rob Winch commented The general problem is that Spring Security has an API that uses a MockServerWebExchange tries to save something in the WebSession. It then tries to save something else in the WebSession thus needs a new MockServerWebExchange but the same WebSession. An example based on my local code of how I am needing to work around the problem:
@Test
public void loadAuthorizationRequestWhenMultipleSavedThenAuthorizationRequest() {
String oldState = "state0";
MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/")
.queryParam(OAuth2ParameterNames.STATE, oldState).build();
OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
.authorizationUri("https://example.com/oauth2/authorize")
.clientId("client-id")
.redirectUri("http://localhost/client-1")
.state(oldState)
.build();
WebSessionManager sessionManager = e -> this.exchange.getSession();
this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(), sessionManager,
ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(), sessionManager,
ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
Mono<OAuth2AuthorizationRequest> saveAndSaveAndLoad = this.repository.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
.then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
.then(this.repository.loadAuthorizationRequest(oldExchange));
StepVerifier.create(saveAndSaveAndLoad)
.expectNext(oldAuthorizationRequest)
.verifyComplete();
StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange))
.expectNext(this.authorizationRequest)
.verifyComplete();
}
|
Rossen Stoyanchev commented Okay, I was thinking a builder method that takes a WebSessionManager, but it sounds like providing a WebSession is all that you need? |
Rob Winch commented
Being able to provide the WebSession and an easy way to create an instance of a WebSession (InMemoryWebSession is currently private) would be great! |
Rob Winch commented Rossen Stoyanchev Thanks for adding the builder. Looking at the commit I didn't see any changes for how to create the |
Rossen Stoyanchev commented Indeed, I forgot to comment on that part. If anything, for cases when |
Rob Winch commented Rossen Stoyanchev It seems pretty difficult to find this mechanism for an average user. Perhaps the builder could be refactored a little to make it easier to use? Once idea is that the builder could have a factory method that delegates to |
Rossen Stoyanchev commented I've added a |
Rob Winch opened SPR-16772 and commented
I've run into a few testing situations that involve saving something in the
WebSession
and then trying to retrieve it. This is more complicated than necessary at the moment becauseMockServerWebExchange
does not allow setting theWebSession
It would be nice if theWebSession
could just be set so that these scenarios could easily be tested.Affects: 5.0.5
Referenced from: commits 15182b2, eef592d
The text was updated successfully, but these errors were encountered: