
Example 16 with SecurityScheme

use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-parser by swagger-api.

the class OpenAPIResolverTest method componentsResolver.

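/**
 * Checks that every {@code $ref} under {@code components} points at a local
 * {@code #/components/...} entry after {@link OpenAPIResolver#resolve()} has run.
 *
 * <p>The {@code ${dynamicPort}} placeholder in the template is replaced with {@code serverPort}
 * before parsing, so the cases marked "remote" below reference URLs on that port (presumably a
 * stub server started elsewhere in this test class; confirm). Resolving such references makes
 * the resolver follow URLs named by the document itself, which is worth keeping in mind wherever
 * the same resolver is pointed at specifications from an untrusted source.
 *
 * @throws Exception if the template cannot be read or parsed
 */
@Test
public void componentsResolver() throws Exception {
    final ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
    // Read with an explicit charset so the result does not depend on the platform default.
    String pathFile = FileUtils.readFileToString(
        new File("src/test/resources/oas3.yaml.template"), java.nio.charset.StandardCharsets.UTF_8);
    pathFile = pathFile.replace("${dynamicPort}", String.valueOf(this.serverPort));
    // Parse the String directly instead of round-tripping through platform-encoded bytes.
    final JsonNode rootNode = mapper.readTree(pathFile);
    final OpenAPIDeserializer deserializer = new OpenAPIDeserializer();
    final SwaggerParseResult result = deserializer.deserialize(rootNode);
    Assert.assertNotNull(result);
    final OpenAPI openAPI = result.getOpenAPI();
    Assert.assertNotNull(openAPI);
    // resolve() is expected to hand back the model it was given.
    assertEquals(new OpenAPIResolver(openAPI, new ArrayList<>(), null).resolve(), openAPI);

    Map<String, Schema> schemas = openAPI.getComponents().getSchemas();
    // internal url schema
    Schema pet = schemas.get("Pet");
    Schema category = (Schema) pet.getProperties().get("category");
    assertEquals(category.get$ref(), "#/components/schemas/Category");
    // remote url schema
    Schema user = (Schema) pet.getProperties().get("user");
    assertEquals(user.get$ref(), "#/components/schemas/User");
    // ArraySchema items
    ArraySchema tagsProperty = (ArraySchema) pet.getProperties().get("tags");
    assertEquals(tagsProperty.getItems().get$ref(), "#/components/schemas/ExampleSchema");
    assertEquals(tagsProperty.getType(), "array");
    Assert.assertNotNull(openAPI.getComponents().getSchemas().get("ExampleSchema"));
    // Schema not
    assertEquals(schemas.get("OrderRef").getNot().get$ref(), "#/components/schemas/Category");
    // Schema additionalProperties
    assertTrue(schemas.get("OrderRef").getAdditionalProperties() instanceof Schema);
    Schema additionalProperties = (Schema) schemas.get("OrderRef").getAdditionalProperties();
    assertEquals(additionalProperties.get$ref(), "#/components/schemas/User");
    // AllOfSchema
    ComposedSchema extended = (ComposedSchema) schemas.get("ExtendedErrorModel");
    Schema root = (Schema) extended.getAllOf().get(0).getProperties().get("rootCause");
    assertEquals(root.get$ref(), "#/components/schemas/Category");

    Map<String, ApiResponse> responses = openAPI.getComponents().getResponses();
    // internal response headers
    ApiResponse illegalInput = responses.get("IllegalInput");
    assertEquals(illegalInput.getHeaders().get("X-Ref-Limit-Limit").get$ref(), "#/components/headers/X-Rate-Limit-Reset");
    // internal response links
    assertEquals(illegalInput.getLinks().get("address").get$ref(), "#/components/links/unsubscribe");
    // internal url response schema
    MediaType generalError = responses.get("GeneralError").getContent().get("application/json");
    assertEquals(generalError.getSchema().get$ref(), "#/components/schemas/ExtendedErrorModel");

    Map<String, RequestBody> requestBodies = openAPI.getComponents().getRequestBodies();
    // internal url requestBody schema
    RequestBody requestBody1 = requestBodies.get("requestBody1");
    MediaType xmlMedia = requestBody1.getContent().get("application/json");
    assertEquals(xmlMedia.getSchema().get$ref(), "#/components/schemas/Pet");
    // internal url requestBody ArraySchema
    RequestBody requestBody2 = requestBodies.get("requestBody2");
    MediaType jsonMedia = requestBody2.getContent().get("application/json");
    ArraySchema items = (ArraySchema) jsonMedia.getSchema();
    assertEquals(items.getItems().get$ref(), "#/components/schemas/User");
    // internal request body (arguments in the same order as every other assertion here)
    assertEquals(requestBodies.get("requestBody3").get$ref(), "#/components/requestBodies/requestBody2");
    // remote request body url
    assertEquals(requestBodies.get("reference").get$ref(), "#/components/requestBodies/remote_requestBody");

    Map<String, Parameter> parameters = openAPI.getComponents().getParameters();
    // remote url parameter
    assertEquals(parameters.get("remoteParameter").get$ref(), "#/components/parameters/parameter");
    // internal Schema Parameter
    assertEquals(parameters.get("newParam").getSchema().get$ref(), "#/components/schemas/Tag");
    // parameter examples
    assertEquals(parameters.get("contentParameter").getExamples().get("cat"), openAPI.getComponents().getExamples().get("cat"));
    // parameter content schema
    assertEquals(parameters.get("contentParameter").getContent().get("application/json").getSchema().get$ref(), "#/components/schemas/ExtendedErrorModel");

    Map<String, Header> headers = openAPI.getComponents().getHeaders();
    // header remote schema ref
    assertEquals(headers.get("X-Rate-Limit-Remaining").getSchema().get$ref(), "#/components/schemas/User");
    // header examples
    assertEquals(headers.get("X-Rate-Limit-Reset").getExamples().get("headerExample").get$ref(), "#/components/examples/dog");
    // remote header ref
    assertEquals(headers.get("X-Ref-Limit-Limit").get$ref(), "#/components/headers/X-Rate-Limit-Reset");
    // header content
    assertEquals(headers.get("X-Rate-Limit-Reset").getContent().get("application/json").getSchema().get$ref(), "#/components/schemas/ExtendedErrorModel");

    Map<String, Example> examples = openAPI.getComponents().getExamples();
    // internal url example
    Example frogExample = examples.get("frog");
    assertEquals(frogExample.get$ref(), "#/components/examples/cat");
    // remote example url
    assertEquals(examples.get("referenceCat").get$ref(), "#/components/examples/example");

    // internal url securityScheme: only the scheme type is checked for the two entries
    SecurityScheme scheme = openAPI.getComponents().getSecuritySchemes().get("reference");
    assertEquals(scheme.getType(), SecurityScheme.Type.APIKEY);
    SecurityScheme remoteScheme = openAPI.getComponents().getSecuritySchemes().get("remote_reference");
    assertEquals(remoteScheme.getType(), SecurityScheme.Type.OAUTH2);

    Map<String, Link> links = openAPI.getComponents().getLinks();
    // internal link
    assertEquals(links.get("referenced").get$ref(), "#/components/links/unsubscribe");
    // remote ref link
    assertEquals(links.get("subscribe").get$ref(), "#/components/links/link");

    Map<String, Callback> callbacks = openAPI.getComponents().getCallbacks();
    // internal callback reference
    assertEquals(callbacks.get("referenced").get$ref(), "#/components/callbacks/failed");
    // callback pathItem -> operation ->requestBody
    assertEquals(callbacks.get("heartbeat").get("$request.query.heartbeat-url").getPost().getRequestBody().get$ref(), "#/components/requestBodies/requestBody3");
    // remote callback ref
    assertEquals(callbacks.get("remoteCallback").get$ref(), "#/components/callbacks/callback");
}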
Also used : OpenAPIDeserializer(io.swagger.v3.parser.util.OpenAPIDeserializer) ComposedSchema(io.swagger.v3.oas.models.media.ComposedSchema) IntegerSchema(io.swagger.v3.oas.models.media.IntegerSchema) StringSchema(io.swagger.v3.oas.models.media.StringSchema) ObjectSchema(io.swagger.v3.oas.models.media.ObjectSchema) ArraySchema(io.swagger.v3.oas.models.media.ArraySchema) Schema(io.swagger.v3.oas.models.media.Schema) JsonNode(com.fasterxml.jackson.databind.JsonNode) ApiResponse(io.swagger.v3.oas.models.responses.ApiResponse) ArraySchema(io.swagger.v3.oas.models.media.ArraySchema) Example(io.swagger.v3.oas.models.examples.Example) YAMLFactory(com.fasterxml.jackson.dataformat.yaml.YAMLFactory) MediaType(io.swagger.v3.oas.models.media.MediaType) ComposedSchema(io.swagger.v3.oas.models.media.ComposedSchema) SecurityScheme(io.swagger.v3.oas.models.security.SecurityScheme) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) RequestBody(io.swagger.v3.oas.models.parameters.RequestBody) SwaggerParseResult(io.swagger.v3.parser.core.models.SwaggerParseResult) Callback(io.swagger.v3.oas.models.callbacks.Callback) Header(io.swagger.v3.oas.models.headers.Header) OpenAPIResolver(io.swagger.v3.parser.OpenAPIResolver) Parameter(io.swagger.v3.oas.models.parameters.Parameter) QueryParameter(io.swagger.v3.oas.models.parameters.QueryParameter) PathParameter(io.swagger.v3.oas.models.parameters.PathParameter) File(java.io.File) OpenAPI(io.swagger.v3.oas.models.OpenAPI) Link(io.swagger.v3.oas.models.links.Link) Test(org.testng.annotations.Test)

Example 17 with SecurityScheme

use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-parser by swagger-api.

the class OpenAPIV3ParserTest method testIssue480.

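/**
 * Regression test for issue 480: the description of each security scheme in
 * {@code issue-480.yaml} must survive parsing, along with the scheme type.
 *
 * <p>Both schemes are looked up by name and required to exist. Iterating over whatever keys the
 * parser happened to return would let the test pass without asserting anything if a scheme
 * were dropped.
 */
@Test
public void testIssue480() {
    final OpenAPI openAPI = new OpenAPIV3Parser().read("src/test/resources/issue-480.yaml");

    final SecurityScheme petstoreAuth = openAPI.getComponents().getSecuritySchemes().get("petstore_auth");
    assertTrue(petstoreAuth != null);
    assertEquals(petstoreAuth.getType(), SecurityScheme.Type.OAUTH2);
    assertEquals("This is a description", petstoreAuth.getDescription());

    final SecurityScheme apiKey = openAPI.getComponents().getSecuritySchemes().get("api_key");
    assertTrue(apiKey != null);
    assertEquals(apiKey.getType(), SecurityScheme.Type.APIKEY);
    assertEquals("This is another description", apiKey.getDescription());
}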
Also used : OpenAPIV3Parser(io.swagger.v3.parser.OpenAPIV3Parser) OpenAPI(io.swagger.v3.oas.models.OpenAPI) SecurityScheme(io.swagger.v3.oas.models.security.SecurityScheme) Test(org.testng.annotations.Test)

Example 18 with SecurityScheme

use of io.swagger.v3.oas.models.security.SecurityScheme in project snow-owl by b2ihealthcare.

the class BaseApiConfig method docs.

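/**
 * Builds the OpenAPI group definition for this API module. Expose the result as a
 * {@code @Bean} annotated component in the implementation configuration class.
 *
 * <p>Two security schemes are registered on the generated document, {@code basic} and
 * {@code bearer}, and every operation is documented as accepting either of them.
 *
 * @param apiBaseUrl base path of the module; all paths below it are matched
 * @param apiGroup group name of the generated definition
 * @param apiVersion version shown in the API info
 * @param apiTitle title shown in the API info
 * @param apiTermsOfServiceUrl terms of service URL shown in the API info
 * @param apiContact contact e-mail address
 * @param apiLicense license name
 * @param apiLicenseUrl license URL
 * @param apiDescription description shown in the API info
 * @return a configured {@link GroupedOpenApi} for this API module
 */
protected final GroupedOpenApi docs(final String apiBaseUrl, final String apiGroup, final String apiVersion, final String apiTitle, final String apiTermsOfServiceUrl, final String apiContact, final String apiLicense, final String apiLicenseUrl, final String apiDescription) {
    return GroupedOpenApi.builder()
        .group(apiGroup)
        .pathsToMatch(apiBaseUrl.endsWith("/") ? apiBaseUrl + "**" : apiBaseUrl + "/**")
        .packagesToScan(getApiBasePackages())
        .addOpenApiCustomiser(api -> {
            Info apiInfo = api.getInfo();
            apiInfo.setTitle(apiTitle);
            apiInfo.setDescription(apiDescription);
            apiInfo.setVersion(apiVersion);
            apiInfo.setTermsOfService(apiTermsOfServiceUrl);

            Contact contact = new Contact();
            contact.setName("B2i Healthcare");
            contact.setEmail(apiContact);
            // NOTE(review): the contact URL is filled from the license URL. No contact URL is
            // passed to this method, so this is kept as is; confirm whether it is intended.
            contact.setUrl(apiLicenseUrl);
            apiInfo.setContact(contact);

            License license = new License();
            license.setName(apiLicense);
            license.setUrl(apiLicenseUrl);
            apiInfo.setLicense(license);

            // configure global security
            // A JWT bearer token is an "http" scheme with scheme "bearer". The "apiKey" type
            // requires a header name and does not define scheme or bearerFormat, so declaring
            // the token as an API key without a name yields a scheme clients cannot use.
            // NOTE(review): assumes the server reads the token from the Authorization header
            // as "Bearer <token>"; confirm against the authentication filter.
            api.getComponents()
                .addSecuritySchemes("basic", new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("basic"))
                .addSecuritySchemes("bearer", new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("bearer").bearerFormat("JWT"));
            // disable servers prop
            api.setServers(List.of());
        })
        // Schemes listed inside one SecurityRequirement must all be satisfied together, and two
        // schemes that both use the Authorization header cannot be. Separate requirements
        // document them as alternatives.
        .addOperationCustomizer((operation, method) -> operation
            .addSecurityItem(new SecurityRequirement().addList("basic"))
            .addSecurityItem(new SecurityRequirement().addList("bearer")))
        .build();
}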
Also used : Configuration(org.springframework.context.annotation.Configuration) List(java.util.List) License(io.swagger.v3.oas.models.info.License) SecurityScheme(io.swagger.v3.oas.models.security.SecurityScheme) Contact(io.swagger.v3.oas.models.info.Contact) In(io.swagger.v3.oas.models.security.SecurityScheme.In) GroupedOpenApi(org.springdoc.core.GroupedOpenApi) AnnotationUtils(org.springframework.core.annotation.AnnotationUtils) Info(io.swagger.v3.oas.models.info.Info) SecurityRequirement(io.swagger.v3.oas.models.security.SecurityRequirement) Bean(org.springframework.context.annotation.Bean) ComponentScan(org.springframework.context.annotation.ComponentScan) License(io.swagger.v3.oas.models.info.License) Info(io.swagger.v3.oas.models.info.Info) SecurityScheme(io.swagger.v3.oas.models.security.SecurityScheme) Contact(io.swagger.v3.oas.models.info.Contact) SecurityRequirement(io.swagger.v3.oas.models.security.SecurityRequirement)

Example 19 with SecurityScheme

use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-core by swagger-api.

the class SecuritySchemeDeserializer method deserialize.

/**
 * Reads one security scheme object from the parser and maps it onto a {@link SecurityScheme}.
 *
 * <p>Only the {@code type} field is validated: a value that matches none of the
 * {@link SecurityScheme.Type} constants is rejected. The remaining fields are copied over for
 * the matching type without further checks here, so callers that consume documents from an
 * untrusted source should not assume fields such as {@code name}, {@code in} or
 * {@code openIdConnectUrl} are present or well formed.
 *
 * @param jp parser positioned at the security scheme object
 * @param ctxt deserialization context (not used)
 * @return the populated scheme, or {@code null} when the object has no {@code type} field
 * @throws JsonParseException if {@code type} is not one of the known scheme types
 * @throws IOException if the underlying tree cannot be read
 */
@Override
public SecurityScheme deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException {
    // Chosen up front; only the oauth2 branch uses it, to bind the "flows" object.
    final ObjectMapper mapper = openapi31 ? Json31.mapper() : Json.mapper();

    final JsonNode node = jp.getCodec().readTree(jp);
    final JsonNode typeNode = node.get("type");
    if (typeNode == null) {
        return null;
    }

    final String type = typeNode.asText();
    boolean knownType = false;
    for (SecurityScheme.Type candidate : SecurityScheme.Type.values()) {
        if (candidate.toString().equals(type)) {
            knownType = true;
            break;
        }
    }
    if (!knownType) {
        // wrong type, throw exception
        throw new JsonParseException(jp, String.format("SecurityScheme type %s not allowed", type));
    }

    final SecurityScheme result = new SecurityScheme().description(getFieldText("description", node));
    switch (type) {
        case "http":
            result.type(SecurityScheme.Type.HTTP)
                .scheme(getFieldText("scheme", node))
                .bearerFormat(getFieldText("bearerFormat", node));
            break;
        case "apiKey":
            result.type(SecurityScheme.Type.APIKEY)
                .name(getFieldText("name", node))
                .in(getIn(getFieldText("in", node)));
            break;
        case "openIdConnect":
            result.type(SecurityScheme.Type.OPENIDCONNECT)
                .openIdConnectUrl(getFieldText("openIdConnectUrl", node));
            break;
        case "oauth2":
            result.type(SecurityScheme.Type.OAUTH2)
                .flows(mapper.convertValue(node.get("flows"), OAuthFlows.class));
            break;
        case "mutualTLS":
            result.type(SecurityScheme.Type.MUTUALTLS);
            break;
        default:
            // A type constant with no branch above keeps only its description.
            break;
    }
    return result;
}
Also used : JsonNode(com.fasterxml.jackson.databind.JsonNode) JsonParseException(com.fasterxml.jackson.core.JsonParseException) SecurityScheme(io.swagger.v3.oas.models.security.SecurityScheme) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)

Example 20 with SecurityScheme

use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-core by swagger-api.

the class JsonDeserializationTest method testDeserializeSecurity.

/**
 * Deserializes {@code specFiles/securityDefinitions.json} and checks the four declared security
 * schemes (OAuth2, API key, HTTP basic, OpenID Connect) as well as the three top-level security
 * requirements and their scopes.
 *
 * @throws Exception if the fixture cannot be loaded or deserialized
 */
@Test
public void testDeserializeSecurity() throws Exception {
    final OpenAPI openApi = TestUtils.deserializeJsonFileFromClasspath("specFiles/securityDefinitions.json", OpenAPI.class);

    final List<SecurityRequirement> requirements = openApi.getSecurity();
    assertNotNull(requirements);
    assertEquals(requirements.size(), 3);

    final Map<String, SecurityScheme> schemesByName = openApi.getComponents().getSecuritySchemes();
    assertNotNull(schemesByName);
    assertEquals(schemesByName.size(), 4);

    // OAuth2 implicit flow: authorization URL and both scopes with their descriptions
    final SecurityScheme oauthScheme = schemesByName.get("petstore_auth");
    assertNotNull(oauthScheme);
    assertEquals(oauthScheme.getType().toString(), "oauth2");
    assertEquals(oauthScheme.getFlows().getImplicit().getAuthorizationUrl(), "http://petstore.swagger.io/oauth/dialog");
    assertEquals(oauthScheme.getFlows().getImplicit().getScopes().get("write:pets"), "modify pets in your account");
    assertEquals(oauthScheme.getFlows().getImplicit().getScopes().get("read:pets"), "read your pets");

    // API key carried in a header
    final SecurityScheme apiKeyScheme = schemesByName.get("api_key");
    assertNotNull(apiKeyScheme);
    assertEquals(apiKeyScheme.getType().toString(), "apiKey");
    assertEquals(apiKeyScheme.getIn().toString(), "header");
    assertEquals(apiKeyScheme.getName(), "api_key");

    // HTTP basic
    final SecurityScheme httpScheme = schemesByName.get("http");
    assertNotNull(httpScheme);
    assertEquals(httpScheme.getType().toString(), "http");
    assertEquals(httpScheme.getScheme(), "basic");

    // OpenID Connect discovery URL
    final SecurityScheme openIdScheme = schemesByName.get("open_id_connect");
    assertNotNull(openIdScheme);
    assertEquals(openIdScheme.getType().toString(), "openIdConnect");
    assertEquals(openIdScheme.getOpenIdConnectUrl(), "http://petstore.swagger.io/openid");

    // First requirement: OAuth2 with both scopes
    final List<String> oauthScopes = requirements.get(0).get("petstore_auth");
    assertNotNull(oauthScopes);
    assertEquals(oauthScopes.size(), 2);
    assertTrue(oauthScopes.contains("write:pets"));
    assertTrue(oauthScopes.contains("read:pets"));

    // Second and third requirements: present, with an empty scope list
    final List<String> apiKeyScopes = requirements.get(1).get("api_key");
    assertNotNull(apiKeyScopes);
    assertTrue(apiKeyScopes.isEmpty());

    final List<String> httpScopes = requirements.get(2).get("http");
    assertNotNull(httpScopes);
    assertTrue(httpScopes.isEmpty());
}
Also used : List(java.util.List) OpenAPI(io.swagger.v3.oas.models.OpenAPI) SecurityScheme(io.swagger.v3.oas.models.security.SecurityScheme) SecurityRequirement(io.swagger.v3.oas.models.security.SecurityRequirement) Test(org.testng.annotations.Test)
