Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JavaSpring] Enable scopes for all security scheme types #17083

Merged
merged 1 commit into from
Dec 9, 2023
Merged

[JavaSpring] Enable scopes for all security scheme types #17083

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions modules/openapi-generator/src/main/java/org/openapitools/codegen/CodegenSecurity.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;

public class CodegenSecurity {
public String name;
Expand Down Expand Up @@ -89,6 +90,16 @@ public CodegenSecurity (CodegenSecurity original) {
public CodegenSecurity filterByScopeNames(List<String> filterScopes) {
CodegenSecurity filteredSecurity = new CodegenSecurity(this);

// Since OAS 3.1.0, security scheme types other than "oauth2" and "openIdConnect" may have a list of role names
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI @OpenAPITools/generator-core-team

// which are required for the execution, but are not otherwise defined or exchanged in-band.
// In such cases, no filtering is performed.
if (!(isOAuth || isOpenId)) {
filteredSecurity.scopes = filterScopes.stream()
.map(s -> new HashMap<String, Object>(Map.of("scope", s)))
.collect(Collectors.toList());
return filteredSecurity;
}

if (scopes == null) {
return filteredSecurity;
}
Expand Down
2 changes: 1 addition & 1 deletion modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultGenerator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1523,7 +1523,7 @@ private List<CodegenSecurity> filterAuthMethods(List<CodegenSecurity> authMethod

for (CodegenSecurity security : authMethods) {
boolean filtered = false;
if (security != null && security.scopes != null) {
if (security != null) {
for (SecurityRequirement requirement : securities) {
List<String> opScopes = requirement.get(security.name);
if (opScopes != null) {
Expand Down
10 changes: 5 additions & 5 deletions modules/openapi-generator/src/main/resources/JavaSpring/api.mustache
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,7 @@ public interface {{classname}} {
}{{#hasAuthMethods}},
security = {
{{#authMethods}}
@SecurityRequirement(name = "{{name}}"{{#isOAuth}}, scopes={ {{#scopes}}"{{scope}}"{{^-last}}, {{/-last}}{{/scopes}} }{{/isOAuth}}){{^-last}},{{/-last}}
@SecurityRequirement(name = "{{name}}"{{#scopes.0}}, scopes={ {{#scopes}}"{{scope}}"{{^-last}}, {{/-last}}{{/scopes}} }{{/scopes.0}}){{^-last}},{{/-last}}
{{/authMethods}}
}{{/hasAuthMethods}}{{#externalDocs}},
externalDocs = @ExternalDocumentation(description = "{{externalDocs.description}}", url = "{{externalDocs.url}}"){{/externalDocs}}
Expand All @@ -196,16 +196,16 @@ public interface {{classname}} {
responseContainer = "{{{.}}}"{{/returnContainer}}{{#hasAuthMethods}},
authorizations = {
{{#authMethods}}
{{#isOAuth}}
{{#scopes.0}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this just using the first scope? Can/should this consider any additional scopes?

Copy link
Contributor Author

@kota65535 kota65535 Dec 9, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi welshm, Thanks for your review.
This is idiom that checks if the array scopes is not empty, which is already used in the many places of existing templates (ex: here, and here).

So when multiple scopes are specified...

security:
  - bearer: [ foo, bar ]

It will be generated using all scopes as follows.

security = {
    @SecurityRequirement(name = "bearer", scopes={ "foo", "bar" })
}

@Authorization(value = "{{name}}", scopes = {
{{#scopes}}
@AuthorizationScope(scope = "{{scope}}", description = "{{description}}"){{^-last}},{{/-last}}
{{/scopes}}
}){{^-last}},{{/-last}}
{{/isOAuth}}
{{^isOAuth}}
{{/scopes.0}}
{{^scopes.0}}
@Authorization(value = "{{name}}"){{^-last}},{{/-last}}
{{/isOAuth}}
{{/scopes.0}}
{{/authMethods}} }{{/hasAuthMethods}}
)
@ApiResponses({
Expand Down
Loading