The SecurityMockMvcRequestPostProcessors and SecurityMockServerConfigurers references contain a section for each OAuth 2.0-based request post processor or mock server configurer.
Most of them were written at the same time and so read about the same way; however, the "Testing JWT Authentication" sections read quite differently from the rest.
So that all the sections read similarly, we should update the "Testing JWT Authentication" (servlet) and "Testing JWT Authentication" (webflux) sections.
The changes should at least include:
- The section titles should be changed from "Testing JWT Authentication" to "Testing OAuth 2.0 Resource Servers with JWT".
- The initial paragraphs should show an example of when SecurityMockMvcRequestPostProcessors#jwt() and SecurityMockServerConfigurers#mockJwt() are necessary, respectively. For example, the documentation implies that it should be used whenever an application is configured as a resource server - it should be clearer that it's when an application's controllers need the principal to be a Jwt.
In the end, these two sections should read the same as their OAuth 2.0 counterparts like "Testing OIDC Login" (servlet), "Testing OAuth 2.0 Login" (servlet), "Testing OAuth 2.0 Clients" (webflux), and "Testing Opaque Token Authentication" (webflux).
To preserve links, all the anchors should remain as-is.
Comment From: chrylis
As I had been inquiring about the docs on JWT testing, I can help with this (most likely next week). I also have been contemplating an addition of one or two methods in the DSL that might make the ordinary cases clearer; I'll propose them and then align on documenting however the DSL looks after discussion.
Comment From: jzheaux
Hi, @chrylis. Thanks for volunteering!
Since any DSL changes would be out of scope for this ticket, let's put any DSL discussions in a separate ticket.