New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Propagate TestSecurityContextHolder to SecurityContextHolder #9737
Conversation
69ce852
to
585aa5e
Compare
A new section in the documentation named SecurityMockMvcResultHandlers should be added to show this new feature. |
4819ec4
to
cc3d521
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, @marcusdacoregio! Please see my feedback inline.
...rg/springframework/security/test/web/servlet/response/SecurityMockMvcResultHandlersTest.java
Outdated
Show resolved
Hide resolved
docs/manual/src/docs/asciidoc/_includes/servlet/test/mockmvc.adoc
Outdated
Show resolved
Hide resolved
docs/manual/src/docs/asciidoc/_includes/servlet/test/mockmvc.adoc
Outdated
Show resolved
Hide resolved
...va/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultHandlers.java
Outdated
Show resolved
Hide resolved
d055b0d
to
a1f22ba
Compare
Thank you very much for your review @jzheaux. I've updated the PR based on your suggestions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR! I've left feedback inline.
* Exports the {@link SecurityContext} from {@link TestSecurityContextHolder} to | ||
* {@link SecurityContextHolder} | ||
*/ | ||
public static ResultHandler exportSecurityContext() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like a name that is a bit more explicit as to what is happening. Perhaps propagateTestSecurityContext
? I think a better name could be found that my suggestion, but the idea is it should convey what is being done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"propagate", "retain" and "keep" all seem to imply that it will be retained across multiple MockMvc
invocations in the same test. Would that be the case? If this isn't a concern, then my favorite among these options is "retain". If it is a concern, then I still like "export" best.
Looking more deeply into the support, I see that there is a request post-processor static method called testSecurityContext()
. In that case, "xyzTestSecurityContext" does seem more consistent.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should indeed mention TestSecurityContext
in the name. It would be explicit if we do exportTestSecurityContext
, since it gives the idea of the TestSecurityContext
being exported somewhere, and this also gives the opportunity to extend it to exportTestSecurityContext(Consumer<SecurityContext> exportTo)
.
If we use names like save, propagate, preserve, all of them give the idea that the TestSecurityContextHolder
will not be cleared out.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"propagate", "retain" and "keep" all seem to imply that it will be retained across multiple MockMvc invocations in the same test. Would that be the case?
I am not a fan of save, retain, preserve, or keep because I interpret these to mean that the TestSecurityContextHolder
will not be changed which is true regardless of the ResultHandler
being used. The behavior is copy/export/propagate the TestSecurityContextHolder
into the SecurityContext
.
docs/manual/src/docs/asciidoc/_includes/servlet/test/mockmvc.adoc
Outdated
Show resolved
Hide resolved
Create SecurityMockMvcResultHandlers to define security related MockMvc ResultHandlers Create a method to allow copying the SecurityContext from the TestSecurityContextHolder to SecurityContextHolder Closes spring-projectsgh-9565
a1f22ba
to
5f4dd5b
Compare
Thanks @rwinch. I've updated the PR based on your suggestions. The method's name has been changed to |
Create SecurityMockMvcResultHandlers to define security related MockMvc ResultHandlers
Create a method to allow copying the SecurityContext from the TestSecurityContextHolder to SecurityContextHolder
Closes gh-9565