Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

OAuth2ResourceServerConfigurerTests should avoid MockWebServer

See original GitHub issue

Now that there is support to create a JWTProcessor using a RestOperations, several of the tests in OAuth2ResourceServerConfigurerTests that relied on a MockWebServer can now rely on a mock RestOperations, making the tests faster.

Or, as an alternative, they could be configured to use a single key instead of a JWK Set, where applicable.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:11 (6 by maintainers)

github_iconTop GitHub Comments

2reactions
govi20commented, Dec 5, 2018

Yes. I will give it a try on upcoming Saturday, Sunday.

1reaction
jzheauxcommented, Nov 23, 2018

@govi20 Many of these tests use a common spring configuration, declared there in the tests class itself. In most cases, the reference to WebServerConfig will be removed along with the line to configure its mock response.

For example, in the case of this test:

@Test
public void getWhenUsingDefaultsWithValidBearerTokenThenAcceptsRequest()
		throws Exception {

	this.spring.register(WebServerConfig.class, DefaultConfig.class, BasicController.class).autowire();
	this.authz.enqueue(this.jwks("Default"));
	String token = this.token("ValidNoScopes");

	this.mvc.perform(get("/").with(bearerToken(token)))
			.andExpect(status().isOk())
			.andExpect(content().string("ok"));
}

I would change this to:

@Test
public void getWhenUsingDefaultsWithValidBearerTokenThenAcceptsRequest()
		throws Exception {

	this.spring.register(SingleKeyConfig.class, BasicController.class).autowire();
	String token = this.token("ValidNoScopes");

	this.mvc.perform(get("/").with(bearerToken(token)))
			.andExpect(status().isOk())
			.andExpect(content().string("ok"));
}

Many of the tests don’t actually need to be configured with a JWK Set URI to confirm their functionality since that is not what they are testing. In those cases, a single key is preferred.

When the JWK Set endpoint is being tested, then it should use a RestOperations, as you have outlined.

For example, this test:

@Test
public void getWhenUsingDefaultsWithBadJwkEndpointThenInvalidToken()
	throws Exception {

	this.spring.register(WebServerConfig.class, DefaultConfig.class).autowire();
	this.authz.enqueue(new MockResponse().setBody("malformed"));
	String token = this.token("ValidNoScopes");

	this.mvc.perform(get("/").with(bearerToken(token)))
			.andExpect(status().isUnauthorized())
			.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed Jwk set"));
}

Could change to:

@Test
public void getWhenUsingDefaultsWithBadJwkEndpointThenInvalidToken()
	throws Exception {

	this.spring.register(RestOperationsConfig.class).autowire();
	mockRestOperationsToHaveResponse("malformed");
	String token = this.token("ValidNoScopes");

	this.mvc.perform(get("/").with(bearerToken(token)))
			.andExpect(status().isUnauthorized())
			.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed Jwk set"));
}
Read more comments on GitHub >

github_iconTop Results From Across the Web

Testing REST APIs Using MockWebServer - Kodeco
Learn how to mock a REST API with MockWebServer and easily test your ... You have to start the server before every test...
Read more >
spring-projects/spring-security 5.2.0.M2 on GitHub - NewReleases.io
... OAuth2ResourceServerConfigurerTests should avoid MockWebServer #6104; OAuth2AuthorizationRequest.additionalParameters should not contain registration_id ...
Read more >
Class MockWebServer
public final class MockWebServer extends org.junit.rules. ... Automated tests should always use port 0 to avoid flakiness when a specific port is ...
Read more >
org.springframework.security.oauth2.jwt.JwtProcessors ...
... in the OpenID Configuration " + "did not match the requested issuer \"" + ... Exception { try ( MockWebServer server =...
Read more >
Test Spring WebClient with MockWebServer from OkHttp
Unfortunately, this test setup does not work for the Spring ... The following usage of the Spring WebClient should look familiar to you: ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

AuthenticationSuccessEvent fires multiple times with OAuth2 Resource Server

Next page

Use String equality, not URL equality, for JWT issuer validation