Align Test Support Claims

Make all sub claims 'user' and all scopes 'read' to align with
existing support for JWT

Issue gh-7828
Issue gh-7789
Issue gh-7680
Issue gh-7618

Author: jzheaux

samples/boot/oauth2login-webflux/src/test/java/sample/OAuth2LoginControllerTests.java

@@ -79,6 +79,6 @@ public void setup() {
 		public void indexGreetsAuthenticatedUser() {
 			this.rest.mutateWith(mockOAuth2Login())
 					.get().uri("/").exchange()
-					.expectBody(String.class).value(containsString("test-subject"));
+					.expectBody(String.class).value(containsString("user"));
 		}
 }

samples/boot/oauth2login/src/integration-test/java/sample/OAuth2LoginApplicationTests.java

@@ -263,9 +263,9 @@ public void requestAuthorizationCodeGrantWhenInvalidStateParamThenDisplayLoginPa
 	public void requestWhenMockOAuth2LoginThenIndex() throws Exception {
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("github");
 		this.mvc.perform(get("/").with(oauth2Login().clientRegistration(clientRegistration)))
-				.andExpect(model().attribute("userName", "test-subject"))
+				.andExpect(model().attribute("userName", "user"))
 				.andExpect(model().attribute("clientName", "GitHub"))
-				.andExpect(model().attribute("userAttributes", Collections.singletonMap("sub", "test-subject")));
+				.andExpect(model().attribute("userAttributes", Collections.singletonMap("sub", "user")));
 	}
 
 	private void assertLoginPage(HtmlPage page) {

samples/boot/oauth2login/src/test/java/sample/web/OAuth2LoginControllerTests.java

@@ -64,9 +64,9 @@ public OAuth2AuthorizedClientRepository authorizedClientRepository() {
 	@Test
 	public void rootWhenAuthenticatedReturnsUserAndClient() throws Exception {
 		this.mvc.perform(get("/").with(oauth2Login()))
-			.andExpect(model().attribute("userName", "test-subject"))
+			.andExpect(model().attribute("userName", "user"))
 			.andExpect(model().attribute("clientName", "test"))
-			.andExpect(model().attribute("userAttributes", Collections.singletonMap("sub", "test-subject")));
+			.andExpect(model().attribute("userAttributes", Collections.singletonMap("sub", "user")));
 	}
 
 	@Test

test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java

@@ -185,7 +185,7 @@ public static OpaqueTokenMutator mockOpaqueToken() {
 	 */
 	public static OAuth2LoginMutator mockOAuth2Login() {
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
-				null, null, Collections.singleton("user"));
+				null, null, Collections.singleton("read"));
 		return new OAuth2LoginMutator(accessToken);
 	}
 
@@ -200,7 +200,7 @@ public static OAuth2LoginMutator mockOAuth2Login() {
 	 */
 	public static OidcLoginMutator mockOidcLogin() {
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
-				null, null, Collections.singleton("user"));
+				null, null, Collections.singleton("read"));
 		return new OidcLoginMutator(accessToken);
 	}
 
@@ -844,7 +844,7 @@ private Collection<GrantedAuthority> defaultAuthorities() {
 
 		private Map<String, Object> defaultAttributes() {
 			Map<String, Object> attributes = new HashMap<>();
-			attributes.put(this.nameAttributeKey, "test-subject");
+			attributes.put(this.nameAttributeKey, "user");
 			return attributes;
 		}
 
@@ -907,7 +907,7 @@ public OidcLoginMutator authorities(GrantedAuthority... authorities) {
 		 */
 		public OidcLoginMutator idToken(Consumer<OidcIdToken.Builder> idTokenBuilderConsumer) {
 			OidcIdToken.Builder builder = OidcIdToken.withTokenValue("id-token");
-			builder.subject("test-subject");
+			builder.subject("user");
 			idTokenBuilderConsumer.accept(builder);
 			this.idToken = builder.build();
 			this.oidcUser = this::defaultPrincipal;
@@ -1018,7 +1018,7 @@ private Collection<GrantedAuthority> getAuthorities() {
 
 		private OidcIdToken getOidcIdToken() {
 			if (this.idToken == null) {
-				return new OidcIdToken("id-token", null, null, Collections.singletonMap(IdTokenClaimNames.SUB, "test-subject"));
+				return new OidcIdToken("id-token", null, null, Collections.singletonMap(IdTokenClaimNames.SUB, "user"));
 			} else {
 				return this.idToken;
 			}
@@ -1041,7 +1041,7 @@ public final static class OAuth2ClientMutator implements WebTestClientConfigurer
 		private String registrationId = "test";
 		private ClientRegistration clientRegistration;
 		private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-				"access-token", null, null, Collections.singleton("user"));
+				"access-token", null, null, Collections.singleton("read"));
 
 		private ServerOAuth2AuthorizedClientRepository authorizedClientRepository =
 				new WebSessionServerOAuth2AuthorizedClientRepository();
@@ -1122,7 +1122,7 @@ private OAuth2AuthorizedClient getClient() {
 				throw new IllegalArgumentException("Please specify a ClientRegistration via one " +
 						"of the clientRegistration methods");
 			}
-			return new OAuth2AuthorizedClient(this.clientRegistration, "test-subject", this.accessToken);
+			return new OAuth2AuthorizedClient(this.clientRegistration, "user", this.accessToken);
 		}
 
 		private ClientRegistration.Builder clientRegistrationBuilder() {

test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java

@@ -398,7 +398,7 @@ public static RequestPostProcessor httpBasic(String username, String password) {
 	 */
 	public static OAuth2LoginRequestPostProcessor oauth2Login() {
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
-				null, null, Collections.singleton("user"));
+				null, null, Collections.singleton("read"));
 		return new OAuth2LoginRequestPostProcessor(accessToken);
 	}
 
@@ -428,7 +428,7 @@ public static OAuth2LoginRequestPostProcessor oauth2Login() {
 	 */
 	public static OidcLoginRequestPostProcessor oidcLogin() {
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
-				null, null, Collections.singleton("user"));
+				null, null, Collections.singleton("read"));
 		return new OidcLoginRequestPostProcessor(accessToken);
 	}
 
@@ -1435,7 +1435,7 @@ private Collection<GrantedAuthority> defaultAuthorities() {
 
 		private Map<String, Object> defaultAttributes() {
 			Map<String, Object> attributes = new HashMap<>();
-			attributes.put(this.nameAttributeKey, "test-subject");
+			attributes.put(this.nameAttributeKey, "user");
 			return attributes;
 		}
 
@@ -1495,7 +1495,7 @@ public OidcLoginRequestPostProcessor authorities(GrantedAuthority... authorities
 		 */
 		public OidcLoginRequestPostProcessor idToken(Consumer<OidcIdToken.Builder> idTokenBuilderConsumer) {
 			OidcIdToken.Builder builder = OidcIdToken.withTokenValue("id-token");
-			builder.subject("test-subject");
+			builder.subject("user");
 			idTokenBuilderConsumer.accept(builder);
 			this.idToken = builder.build();
 			this.oidcUser = this::defaultPrincipal;
@@ -1577,7 +1577,7 @@ private Collection<GrantedAuthority> getAuthorities() {
 		private OidcIdToken getOidcIdToken() {
 			if (this.idToken == null) {
 				return new OidcIdToken("id-token", null, null,
-						Collections.singletonMap(IdTokenClaimNames.SUB, "test-subject"));
+						Collections.singletonMap(IdTokenClaimNames.SUB, "user"));
 			} else {
 				return this.idToken;
 			}
@@ -1600,7 +1600,7 @@ public final static class OAuth2ClientRequestPostProcessor implements RequestPos
 		private String registrationId = "test";
 		private ClientRegistration clientRegistration;
 		private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-				"access-token", null, null, Collections.singleton("user"));
+				"access-token", null, null, Collections.singleton("read"));
 
 		private OAuth2ClientRequestPostProcessor() {
 		}
@@ -1654,7 +1654,7 @@ public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request)
 						"of the clientRegistration methods");
 			}
 			OAuth2AuthorizedClient client = new OAuth2AuthorizedClient
-					(this.clientRegistration, "test-subject", this.accessToken);
+					(this.clientRegistration, "user", this.accessToken);
 			OAuth2AuthorizedClientRepository authorizedClientRepository =
 					new HttpSessionOAuth2AuthorizedClientRepository();
 			authorizedClientRepository.saveAuthorizedClient(client, null, request, new MockHttpServletResponse());

test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java

@@ -86,9 +86,9 @@ public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication() {
 		assertThat(token.getAuthorizedClientRegistrationId()).isEqualTo("test");
 		assertThat(token.getPrincipal()).isInstanceOf(OAuth2User.class);
 		assertThat(token.getPrincipal().getAttributes())
-				.containsEntry("sub", "test-subject");
+				.containsEntry("sub", "user");
 		assertThat((Collection<GrantedAuthority>) token.getPrincipal().getAuthorities())
-				.contains(new SimpleGrantedAuthority("SCOPE_user"));
+				.contains(new SimpleGrantedAuthority("SCOPE_read"));
 	}
 
 	@Test
@@ -134,7 +134,7 @@ public void oauth2LoginWhenAttributeSpecifiedThenUserHasAttribute() {
 	@Test
 	public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 		OAuth2User oauth2User = new DefaultOAuth2User(
-				AuthorityUtils.createAuthorityList("SCOPE_user"),
+				AuthorityUtils.createAuthorityList("SCOPE_read"),
 				Collections.singletonMap("sub", "subject"),
 				"sub");
 

test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java

@@ -86,9 +86,9 @@ public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication() {
 		assertThat(token.getAuthorizedClientRegistrationId()).isEqualTo("test");
 		assertThat(token.getPrincipal()).isInstanceOf(OidcUser.class);
 		assertThat(token.getPrincipal().getAttributes())
-				.containsEntry("sub", "test-subject");
+				.containsEntry("sub", "user");
 		assertThat((Collection<GrantedAuthority>) token.getPrincipal().getAuthorities())
-				.contains(new SimpleGrantedAuthority("SCOPE_user"));
+				.contains(new SimpleGrantedAuthority("SCOPE_read"));
 		assertThat(((OidcUser) token.getPrincipal()).getIdToken().getTokenValue())
 				.isEqualTo("id-token");
 	}
@@ -150,7 +150,7 @@ public void oidcLoginWhenUserInfoSpecifiedThenUserHasClaims() throws Exception {
 	@Test
 	public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 		OidcUser oidcUser = new DefaultOidcUser(
-				AuthorityUtils.createAuthorityList("SCOPE_user"), idToken().build());
+				AuthorityUtils.createAuthorityList("SCOPE_read"), idToken().build());
 
 		this.client.mutateWith(mockOidcLogin()
 				.idToken(i -> i.subject("foo"))

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java

@@ -90,7 +90,7 @@ public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication()
 		throws Exception {
 
 		this.mvc.perform(get("/name").with(oauth2Login()))
-				.andExpect(content().string("test-subject"));
+				.andExpect(content().string("user"));
 		this.mvc.perform(get("/admin/id-token/name").with(oauth2Login()))
 				.andExpect(status().isForbidden());
 	}
@@ -120,7 +120,7 @@ public void oauth2LoginWhenAttributeSpecifiedThenUserHasAttribute() throws Excep
 	@Test
 	public void oauth2LoginWhenNameSpecifiedThenUserHasName() throws Exception {
 		OAuth2User oauth2User = new DefaultOAuth2User(
-				AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_user"),
+				AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
 				Collections.singletonMap("custom-attribute", "test-subject"),
 				"custom-attribute");
 		this.mvc.perform(get("/attributes/custom-attribute")
@@ -142,7 +142,7 @@ public void oauth2LoginWhenClientRegistrationSpecifiedThenUses() throws Exceptio
 	@Test
 	public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 		OAuth2User oauth2User = new DefaultOAuth2User(
-				AuthorityUtils.createAuthorityList("SCOPE_user"),
+				AuthorityUtils.createAuthorityList("SCOPE_read"),
 				Collections.singletonMap("username", "user"),
 				"username");
 
@@ -167,7 +167,7 @@ protected void configure(HttpSecurity http) throws Exception {
 			http
 				.authorizeRequests(authorize -> authorize
 					.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
-					.anyRequest().hasAuthority("SCOPE_user")
+					.anyRequest().hasAuthority("SCOPE_read")
 				).oauth2Login();
 		}
 

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java

@@ -95,7 +95,7 @@ public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication()
 		throws Exception {
 
 		this.mvc.perform(get("/name").with(oidcLogin()))
-				.andExpect(content().string("test-subject"));
+				.andExpect(content().string("user"));
 		this.mvc.perform(get("/admin/id-token/name").with(oidcLogin()))
 				.andExpect(status().isForbidden());
 	}
@@ -133,7 +133,7 @@ public void oidcLoginWhenUserInfoSpecifiedThenUserHasClaims() throws Exception {
 	@Test
 	public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 		OidcUser oidcUser = new DefaultOidcUser(
-				AuthorityUtils.createAuthorityList("SCOPE_user"), idToken().build());
+				AuthorityUtils.createAuthorityList("SCOPE_read"), idToken().build());
 
 		this.mvc.perform(get("/id-token/sub")
 				.with(oidcLogin()
@@ -156,7 +156,7 @@ protected void configure(HttpSecurity http) throws Exception {
 			http
 				.authorizeRequests()
 					.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
-					.anyRequest().hasAuthority("SCOPE_user")
+					.anyRequest().hasAuthority("SCOPE_read")
 					.and()
 				.oauth2Login();
 		}