Example 1 with SecurityScheme

Use of io.swagger.v3.oas.models.security.SecurityScheme in project cxf by apache.

In the class OpenApiFeature, method registerComponents.

private static Optional<Components> registerComponents(Map<String, SecurityScheme> securityDefinitions) {
    final Components components = new Components();
    boolean hasComponents = false;
    if (securityDefinitions != null && !securityDefinitions.isEmpty()) {
        securityDefinitions.forEach((key, value) -> components.addSecuritySchemes(key, value));
        hasComponents |= true;
    }
    return hasComponents ? Optional.of(components) : Optional.empty();
}
Also used: Components (io.swagger.v3.oas.models.Components)

Example 2 with SecurityScheme

Use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-core by swagger-api.

In the class SecuritySchemeDeserializer, method deserialize.

@Override
public SecurityScheme deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException {
    ObjectMapper mapper = null;
    if (openapi31) {
        mapper = Json31.mapper();
    } else {
        mapper = Json.mapper();
    }
    SecurityScheme result = null;
    JsonNode node = jp.getCodec().readTree(jp);
    JsonNode inNode = node.get("type");
    if (inNode != null) {
        String type = inNode.asText();
        if (Arrays.stream(SecurityScheme.Type.values()).noneMatch(t -> t.toString().equals(type))) {
            // wrong type, throw exception
            throw new JsonParseException(jp, String.format("SecurityScheme type %s not allowed", type));
        }
        result = new SecurityScheme().description(getFieldText("description", node));
        if ("http".equals(type)) {
            result.type(SecurityScheme.Type.HTTP).scheme(getFieldText("scheme", node)).bearerFormat(getFieldText("bearerFormat", node));
        } else if ("apiKey".equals(type)) {
            result.type(SecurityScheme.Type.APIKEY).name(getFieldText("name", node)).in(getIn(getFieldText("in", node)));
        } else if ("openIdConnect".equals(type)) {
            result.type(SecurityScheme.Type.OPENIDCONNECT).openIdConnectUrl(getFieldText("openIdConnectUrl", node));
        } else if ("oauth2".equals(type)) {
            result.type(SecurityScheme.Type.OAUTH2).flows(mapper.convertValue(node.get("flows"), OAuthFlows.class));
        } else if ("mutualTLS".equals(type)) {
            result.type(SecurityScheme.Type.MUTUALTLS);
        }
    }
    return result;
}
Also used: JsonNode (com.fasterxml.jackson.databind.JsonNode), JsonParseException (com.fasterxml.jackson.core.JsonParseException), SecurityScheme (io.swagger.v3.oas.models.security.SecurityScheme), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)

Example 3 with SecurityScheme

Use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-core by swagger-api.

In the class JsonDeserializationTest, method testDeserializeSecurity.

@Test
public void testDeserializeSecurity() throws Exception {
    final OpenAPI swagger = TestUtils.deserializeJsonFileFromClasspath("specFiles/securityDefinitions.json", OpenAPI.class);
    final List<SecurityRequirement> security = swagger.getSecurity();
    assertNotNull(security);
    assertEquals(security.size(), 3);
    final Map<String, SecurityScheme> securitySchemes = swagger.getComponents().getSecuritySchemes();
    assertNotNull(securitySchemes);
    assertEquals(securitySchemes.size(), 4);
    {
        final SecurityScheme scheme = securitySchemes.get("petstore_auth");
        assertNotNull(scheme);
        assertEquals(scheme.getType().toString(), "oauth2");
        assertEquals(scheme.getFlows().getImplicit().getAuthorizationUrl(), "http://petstore.swagger.io/oauth/dialog");
        assertEquals(scheme.getFlows().getImplicit().getScopes().get("write:pets"), "modify pets in your account");
        assertEquals(scheme.getFlows().getImplicit().getScopes().get("read:pets"), "read your pets");
    }
    {
        final SecurityScheme scheme = securitySchemes.get("api_key");
        assertNotNull(scheme);
        assertEquals(scheme.getType().toString(), "apiKey");
        assertEquals(scheme.getIn().toString(), "header");
        assertEquals(scheme.getName(), "api_key");
    }
    {
        final SecurityScheme scheme = securitySchemes.get("http");
        assertNotNull(scheme);
        assertEquals(scheme.getType().toString(), "http");
        assertEquals(scheme.getScheme(), "basic");
    }
    {
        final SecurityScheme scheme = securitySchemes.get("open_id_connect");
        assertNotNull(scheme);
        assertEquals(scheme.getType().toString(), "openIdConnect");
        assertEquals(scheme.getOpenIdConnectUrl(), "http://petstore.swagger.io/openid");
    }
    {
        final SecurityRequirement securityRequirement = security.get(0);
        final List<String> scopes = securityRequirement.get("petstore_auth");
        assertNotNull(scopes);
        assertEquals(scopes.size(), 2);
        assertTrue(scopes.contains("write:pets"));
        assertTrue(scopes.contains("read:pets"));
    }
    {
        final SecurityRequirement securityRequirement = security.get(1);
        final List<String> scopes = securityRequirement.get("api_key");
        assertNotNull(scopes);
        assertTrue(scopes.isEmpty());
    }
    {
        final SecurityRequirement securityRequirement = security.get(2);
        final List<String> scopes = securityRequirement.get("http");
        assertNotNull(scopes);
        assertTrue(scopes.isEmpty());
    }
}
Also used: List (java.util.List), OpenAPI (io.swagger.v3.oas.models.OpenAPI), SecurityScheme (io.swagger.v3.oas.models.security.SecurityScheme), SecurityRequirement (io.swagger.v3.oas.models.security.SecurityRequirement), Test (org.testng.annotations.Test)

Example 4 with SecurityScheme

Use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-core by swagger-api.

In the class SecurityDefinitionTest, method createModelWithSecurityRequirements.

@Test(description = "it should create a model with security requirements")
public void createModelWithSecurityRequirements() throws IOException {
    final Schema personModel = ModelConverters.getInstance().read(Person.class).get("Person");
    final Schema errorModel = ModelConverters.getInstance().read(Error.class).get("Error");
    final Info info = new Info().version("1.0.0").title("Swagger Petstore");
    final Contact contact = new Contact().name("Swagger API Team").email("foo@bar.baz").url("http://swagger.io");
    info.setContact(contact);
    final OpenAPI oas = new OpenAPI().info(info).addServersItem(new Server().url("http://petstore.swagger.io")).schema("Person", personModel).schema("Error", errorModel);
    oas.schemaRequirement("githubAccessCode", new SecurityScheme().flows(new OAuthFlows().authorizationCode(new OAuthFlow().scopes(new Scopes().addString("user:email", "Grants read access to a user’s email addresses.")))));
    final Operation get = new Operation().summary("finds pets in the system").description("a longer description").addTagsItem("Pet Operations").operationId("get pet by id");
    get.addParametersItem(new Parameter().in("query").name("tags").description("tags to filter by").required(false).schema(new StringSchema()));
    get.addParametersItem(new Parameter().in("path").name("petId").description("pet to fetch").schema(new IntegerSchema().format("int64")));
    final ApiResponse response = new ApiResponse().description("pets returned").content(new Content().addMediaType("*/*", new MediaType().schema(new Schema().$ref("Person"))));
    final ApiResponse errorResponse = new ApiResponse().description("error response").content(new Content().addMediaType("*/*", new MediaType().schema(new Schema().$ref("Error"))));
    get.responses(new ApiResponses().addApiResponse("200", response).addApiResponse("default", errorResponse)).addSecurityItem(new SecurityRequirement().addList("internal_oauth2", "user:email")).addSecurityItem(new SecurityRequirement().addList("api_key"));
    oas.path("/pets", new PathItem().get(get));
    final String json = ResourceUtils.loadClassResource(getClass(), "ModelWithSecurityRequirements.json");
    SerializationMatchers.assertEqualsToJson(oas, json);
}
Also used: Server (io.swagger.v3.oas.models.servers.Server), OAuthFlows (io.swagger.v3.oas.models.security.OAuthFlows), Schema (io.swagger.v3.oas.models.media.Schema), IntegerSchema (io.swagger.v3.oas.models.media.IntegerSchema), StringSchema (io.swagger.v3.oas.models.media.StringSchema), Operation (io.swagger.v3.oas.models.Operation), Info (io.swagger.v3.oas.models.info.Info), ApiResponse (io.swagger.v3.oas.models.responses.ApiResponse), Contact (io.swagger.v3.oas.models.info.Contact), PathItem (io.swagger.v3.oas.models.PathItem), OAuthFlow (io.swagger.v3.oas.models.security.OAuthFlow), Scopes (io.swagger.v3.oas.models.security.Scopes), Content (io.swagger.v3.oas.models.media.Content), Parameter (io.swagger.v3.oas.models.parameters.Parameter), MediaType (io.swagger.v3.oas.models.media.MediaType), Person (io.swagger.v3.core.oas.models.Person), OpenAPI (io.swagger.v3.oas.models.OpenAPI), SecurityScheme (io.swagger.v3.oas.models.security.SecurityScheme), ApiResponses (io.swagger.v3.oas.models.responses.ApiResponses), SecurityRequirement (io.swagger.v3.oas.models.security.SecurityRequirement), Test (org.testng.annotations.Test)

Example 5 with SecurityScheme

Use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-core by swagger-api.

In the class ReaderTest, method testSecuritySchemeWithRef.

@Test(description = "SecurityScheme with REf")
public void testSecuritySchemeWithRef() {
    Components components = new Components();
    components.addSecuritySchemes("Security", new SecurityScheme().description("Security Example").name("Security").type(SecurityScheme.Type.OAUTH2).$ref("myOauth2Security").in(SecurityScheme.In.HEADER));
    OpenAPI oas = new OpenAPI().info(new Info().description("info")).components(components);
    Reader reader = new Reader(oas);
    OpenAPI openAPI = reader.read(RefSecurityResource.class);
    String yaml = "openapi: 3.0.1\n" + "info:\n" + "  description: info\n" + "paths:\n" + "  /:\n" + "    get:\n" + "      description: description\n" + "      operationId: Operation Id\n" + "      responses:\n" + "        default:\n" + "          description: default response\n" + "          content:\n" + "            '*/*': {}\n" + "      security:\n" + "      - security_key:\n" + "        - write:pets\n" + "        - read:pets\n" + "components:\n" + "  securitySchemes:\n" + "    Security:\n" + "      type: oauth2\n" + "      description: Security Example\n" + "    myOauth2Security:\n" + "      type: oauth2\n" + "      description: myOauthSecurity Description\n" + "      $ref: '#/components/securitySchemes/Security'\n" + "      in: header\n" + "      flows:\n" + "        implicit:\n" + "          authorizationUrl: http://x.com\n" + "          scopes:\n" + "            write:pets: modify pets in your account\n";
    SerializationMatchers.assertEqualsToYaml(openAPI, yaml);
}
Also used: Components (io.swagger.v3.oas.models.Components), Info (io.swagger.v3.oas.models.info.Info), SecurityScheme (io.swagger.v3.oas.models.security.SecurityScheme), OpenAPI (io.swagger.v3.oas.models.OpenAPI), Test (org.testng.annotations.Test)

Aggregations

SecurityScheme (io.swagger.v3.oas.models.security.SecurityScheme): 9
OpenAPI (io.swagger.v3.oas.models.OpenAPI): 7
Components (io.swagger.v3.oas.models.Components): 6
Test (org.testng.annotations.Test): 6
Operation (io.swagger.v3.oas.models.Operation): 3
PathItem (io.swagger.v3.oas.models.PathItem): 3
Content (io.swagger.v3.oas.models.media.Content): 3
MediaType (io.swagger.v3.oas.models.media.MediaType): 3
Schema (io.swagger.v3.oas.models.media.Schema): 3
Parameter (io.swagger.v3.oas.models.parameters.Parameter): 3
ApiResponse (io.swagger.v3.oas.models.responses.ApiResponse): 3
ApiResponses (io.swagger.v3.oas.models.responses.ApiResponses): 3
SecurityRequirement (io.swagger.v3.oas.models.security.SecurityRequirement): 3
Info (io.swagger.v3.oas.models.info.Info): 2
HashSet (java.util.HashSet): 2
List (java.util.List): 2
JsonView (com.fasterxml.jackson.annotation.JsonView): 1
JsonParseException (com.fasterxml.jackson.core.JsonParseException): 1
BeanDescription (com.fasterxml.jackson.databind.BeanDescription): 1
JavaType (com.fasterxml.jackson.databind.JavaType): 1