Skip to content

Commit

Permalink
Update README.MD
Browse files Browse the repository at this point in the history
  • Loading branch information
ch4mpy authored Nov 26, 2024
1 parent 9083f14 commit 60facc0
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions README.MD
Original file line number Diff line number Diff line change
Expand Up @@ -80,9 +80,7 @@ Testing access control requires configuring the test security context. The `Moc
- build tests security context by ourself and populate it with stubbed / mocked authentications :cry:
- **use annotations** to do it for us (this is where [spring-addons-oauth2-test](https://github.com/ch4mpy/spring-addons/tree/master/spring-addons-oauth2-test) jumps in) :smiley:

Also, a notable difference between `@MockJwt` and those in `spring-security-test` is that **`spring-security-test` ignores the authentication converter defined in the security conf :sob:**.

To understand the consequences, let's consider the flow to build the security context in a resource server with a JWT decoder:
Also, a notable difference between `@MockJwt` and those in `spring-security-test` is that **`spring-security-test` ignores the authentication converter defined in the security conf :sob:**. To understand the consequences, let's consider the flow to build the security context in a resource server with a JWT decoder:
1. the JWT Bearer string is decoded, validated, and turned into a `org.springframework.security.oauth2.jwt.Jwt` by a `JwtDecoder`
2. this `Jwt` (not JWT) is turned into something extending `AbstractAuthenticationToken` by an authentication converter. This step includes converting claims to authorities and the choice of a specific `Authentication` implementation.
3. the `Authentication` instance is put in the security context
Expand Down

0 comments on commit 60facc0

Please sign in to comment.