Propagate TestSecurityContextHolder to SecurityContextHolder #9737
Conversation
marcusdacoregio
added
status: duplicate
marcusdacoregio
force-pushed
the
gh-9565
branch
4 times, most recently
from
69ce852
to
585aa5e
Compare
|
A new section in the documentation named SecurityMockMvcResultHandlers should be added to show this new feature. |
marcusdacoregio
force-pushed
the
gh-9565
branch
2 times, most recently
from
4819ec4
to
cc3d521
Compare
...rg/springframework/security/test/web/servlet/response/SecurityMockMvcResultHandlersTest.java
Outdated
Show resolved
Hide resolved
docs/manual/src/docs/asciidoc/_includes/servlet/test/mockmvc.adoc
Outdated
Show resolved
Hide resolved
docs/manual/src/docs/asciidoc/_includes/servlet/test/mockmvc.adoc
Outdated
Show resolved
Hide resolved
...va/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultHandlers.java
Outdated
Show resolved
Hide resolved
marcusdacoregio
force-pushed
the
gh-9565
branch
from
d055b0d
to
a1f22ba
Compare
|
Thank you very much for your review @jzheaux. I've updated the PR based on your suggestions. |
| * Exports the {@link SecurityContext} from {@link TestSecurityContextHolder} to | ||
| * {@link SecurityContextHolder} | ||
| */ | ||
| public static ResultHandler exportSecurityContext() { |
There was a problem hiding this comment.
I'd like a name that is a bit more explicit as to what is happening. Perhaps propagateTestSecurityContext? I think a better name could be found that my suggestion, but the idea is it should convey what is being done.
There was a problem hiding this comment.
"propagate", "retain" and "keep" all seem to imply that it will be retained across multiple MockMvc invocations in the same test. Would that be the case? If this isn't a concern, then my favorite among these options is "retain". If it is a concern, then I still like "export" best.
Looking more deeply into the support, I see that there is a request post-processor static method called testSecurityContext(). In that case, "xyzTestSecurityContext" does seem more consistent.
There was a problem hiding this comment.
I think we should indeed mention TestSecurityContext in the name. It would be explicit if we do exportTestSecurityContext, since it gives the idea of the TestSecurityContext being exported somewhere, and this also gives the opportunity to extend it to exportTestSecurityContext(Consumer<SecurityContext> exportTo).
If we use names like save, propagate, preserve, all of them give the idea that the TestSecurityContextHolder will not be cleared out.
There was a problem hiding this comment.
"propagate", "retain" and "keep" all seem to imply that it will be retained across multiple MockMvc invocations in the same test. Would that be the case?
I am not a fan of save, retain, preserve, or keep because I interpret these to mean that the TestSecurityContextHolder will not be changed which is true regardless of the ResultHandler being used. The behavior is copy/export/propagate the TestSecurityContextHolder into the SecurityContext.
docs/manual/src/docs/asciidoc/_includes/servlet/test/mockmvc.adoc
Outdated
Show resolved
Hide resolved
Create SecurityMockMvcResultHandlers to define security related MockMvc ResultHandlers Create a method to allow copying the SecurityContext from the TestSecurityContextHolder to SecurityContextHolder Closes spring-projectsgh-9565
marcusdacoregio
force-pushed
the
gh-9565
branch
from
a1f22ba
to
5f4dd5b
Compare
|
Thanks @rwinch. I've updated the PR based on your suggestions. The method's name has been changed to |
Create SecurityMockMvcResultHandlers to define security related MockMvc ResultHandlers
Create a method to allow copying the SecurityContext from the TestSecurityContextHolder to SecurityContextHolder
Closes gh-9565