Simplify opaqueToken support

Remove scopes convenience method to alleviate potential confusion with the "scope" attribute. Issue gh-7827 Issue gh-7712
2020-03-02 18:24:08 -07:00 · 2020-03-02 18:24:08 -07:00 · 3bc1b7a933
parent 689fc9df0c
commit 3bc1b7a933
5 changed files with 3 additions and 48 deletions
--- a/samples/boot/oauth2resourceserver-opaque/src/test/java/sample/OAuth2ResourceServerControllerTests.java
+++ b/samples/boot/oauth2resourceserver-opaque/src/test/java/sample/OAuth2ResourceServerControllerTests.java
@ -51,7 +51,7 @@ public class OAuth2ResourceServerControllerTests {

 	@Test
 	public void messageCanBeReadWithScopeMessageReadAuthority() throws Exception {
-		this.mvc.perform(get("/message").with(opaqueToken().scopes("message:read")))
+		this.mvc.perform(get("/message").with(opaqueToken().attributes(a -> a.put("scope", "message:read"))))
 				.andExpect(content().string(is("secret message")));

 		this.mvc.perform(get("/message")
@ -77,7 +77,7 @@ public class OAuth2ResourceServerControllerTests {
 	public void messageCanNotBeCreatedWithScopeMessageReadAuthority() throws Exception {
 		this.mvc.perform(post("/message")
 				.content("Hello message")
-				.with(opaqueToken().scopes("message:read")))
+				.with(opaqueToken().authorities(new SimpleGrantedAuthority("SCOPE_message:read"))))
 				.andExpect(status().isForbidden());
 	}

@ -85,7 +85,7 @@ public class OAuth2ResourceServerControllerTests {
 	public void messageCanBeCreatedWithScopeMessageWriteAuthority() throws Exception {
 		this.mvc.perform(post("/message")
 				.content("Hello message")
-				.with(opaqueToken().scopes("message:write")))
+				.with(opaqueToken().authorities(new SimpleGrantedAuthority("SCOPE_message:write"))))
 				.andExpect(status().isOk())
 				.andExpect(content().string(is("Message was created. Content: Hello message")));
 	}
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@ -590,18 +590,6 @@ public class SecurityMockServerConfigurers {
 			return this;
 		}

-		/**
-		 * Use the provided scopes as the authorities in the resulting principal
-		 * @param scopes the scopes to use
-		 * @return the {@link OpaqueTokenMutator} for further configuration
-		 */
-		public OpaqueTokenMutator scopes(String... scopes) {
-			Assert.notNull(scopes, "scopes cannot be null");
-			this.authorities = () -> getAuthorities(Arrays.asList(scopes));
-			this.principal = this::defaultPrincipal;
-			return this;
-		}
-
 		/**
 		 * Use the provided principal
 		 * @param principal the principal to use
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@ -1228,18 +1228,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 			return this;
 		}

-		/**
-		 * Use the provided scopes as the authorities in the resulting principal
-		 * @param scopes the scopes to use
-		 * @return the {@link OpaqueTokenRequestPostProcessor} for further configuration
-		 */
-		public OpaqueTokenRequestPostProcessor scopes(String... scopes) {
-			Assert.notNull(scopes, "scopes cannot be null");
-			this.authorities = () -> getAuthorities(Arrays.asList(scopes));
-			this.principal = this::defaultPrincipal;
-			return this;
-		}
-
 		/**
 		 * Use the provided principal
 		 * @param principal the principal to use
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
@ -90,20 +90,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 				.containsOnly(this.authority1, this.authority2);
 	}

-	@Test
-	public void mockOpaqueTokenWhenScopesThenBearerTokenAuthentication() {
-		this.client
-				.mutateWith(mockOpaqueToken().scopes("scoped", "authorities"))
-				.get()
-				.exchange()
-				.expectStatus().isOk();
-
-		SecurityContext context = securityContextController.removeSecurityContext();
-		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities())
-				.containsOnly(new SimpleGrantedAuthority("SCOPE_scoped"),
-						new SimpleGrantedAuthority("SCOPE_authorities"));
-	}
-
 	@Test
 	public void mockOpaqueTokenWhenAttributesThenBearerTokenAuthentication() {
 		String sub = new String("my-subject");
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
@ -89,13 +89,6 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 				.andExpect(status().isForbidden());
 	}

-	@Test
-	public void opaqueTokenWhenAuthoritiesSpecifiedThenGrantsAccess() throws Exception {
-		this.mvc.perform(get("/admin/scopes")
-				.with(opaqueToken().scopes("admin", "read")))
-				.andExpect(content().string("[\"SCOPE_admin\",\"SCOPE_read\"]"));
-	}
-
 	@Test
 	public void opaqueTokenWhenAttributeSpecifiedThenUserHasAttribute() throws Exception {
 		this.mvc.perform(get("/opaque-token/iss")