From 60facc0f252b9b3514d727a3475fe1fdaeb61323 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Wacongne?= Date: Mon, 25 Nov 2024 14:39:04 -1000 Subject: [PATCH] Update README.MD --- README.MD | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.MD b/README.MD index ad0398eab..030587ed8 100644 --- a/README.MD +++ b/README.MD @@ -80,9 +80,7 @@ Testing access control requires configuring the test security context. The `Moc - build tests security context by ourself and populate it with stubbed / mocked authentications :cry: - **use annotations** to do it for us (this is where [spring-addons-oauth2-test](https://github.com/ch4mpy/spring-addons/tree/master/spring-addons-oauth2-test) jumps in) :smiley: -Also, a notable difference between `@MockJwt` and those in `spring-security-test` is that **`spring-security-test` ignores the authentication converter defined in the security conf :sob:**. - -To understand the consequences, let's consider the flow to build the security context in a resource server with a JWT decoder: +Also, a notable difference between `@MockJwt` and those in `spring-security-test` is that **`spring-security-test` ignores the authentication converter defined in the security conf :sob:**. To understand the consequences, let's consider the flow to build the security context in a resource server with a JWT decoder: 1. the JWT Bearer string is decoded, validated, and turned into a `org.springframework.security.oauth2.jwt.Jwt` by a `JwtDecoder` 2. this `Jwt` (not JWT) is turned into something extending `AbstractAuthenticationToken` by an authentication converter. This step includes converting claims to authorities and the choice of a specific `Authentication` implementation. 3. the `Authentication` instance is put in the security context
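Review bot: The single added line fuses the `spring-security-test` caveat with the sentence "To understand the consequences, let's consider the flow ...", so the numbered list loses its own lead-in and the bold warning is buried in a longer paragraph. Consider keeping the blank line between the two sentences. The caveat would also be easier to act on if it said that step 2 of the list is the one being skipped: that is where claims are converted to authorities, so access-control tests that bypass it are not exercising the mapping defined in the security configuration. The subject "Update README.MD" does not say what changed; a subject that names the paragraph merge would read better in the log.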