use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-core by swagger-api.
the class SecurityDefinitionTest method createModelWithSecurityRequirements.
/**
 * Assembles a Petstore-style {@link OpenAPI} model by hand, including one OAuth2 security scheme and
 * two operation-level security requirements, and checks that it serializes to the JSON stored in
 * {@code ModelWithSecurityRequirements.json}.
 *
 * <p>The test pins serialization only. Nothing here validates that the requirement names used by the
 * operation are declared as security schemes.
 *
 * @throws IOException declared by the method; presumably raised while loading the fixture (confirm)
 */
@Test(description = "it should create a model with security requirements")
public void createModelWithSecurityRequirements() throws IOException {
    // Schemas are resolved first, in the same order as before (Person, then Error).
    final Schema personSchema = ModelConverters.getInstance().read(Person.class).get("Person");
    final Schema errorSchema = ModelConverters.getInstance().read(Error.class).get("Error");

    final Info info = new Info().version("1.0.0").title("Swagger Petstore");
    info.setContact(new Contact().name("Swagger API Team").email("foo@bar.baz").url("http://swagger.io"));

    final OpenAPI oas = new OpenAPI();
    oas.info(info);
    oas.addServersItem(new Server().url("http://petstore.swagger.io"));
    oas.schema("Person", personSchema);
    oas.schema("Error", errorSchema);

    // The only scheme registered is "githubAccessCode": an authorization-code flow that carries a
    // scope list but no type, authorizationUrl or tokenUrl.
    final Scopes emailScope = new Scopes().addString("user:email", "Grants read access to a user’s email addresses.");
    final OAuthFlow authorizationCode = new OAuthFlow().scopes(emailScope);
    final OAuthFlows flows = new OAuthFlows().authorizationCode(authorizationCode);
    oas.schemaRequirement("githubAccessCode", new SecurityScheme().flows(flows));

    final Operation findPets = new Operation()
            .summary("finds pets in the system")
            .description("a longer description")
            .addTagsItem("Pet Operations")
            .operationId("get pet by id");
    findPets.addParametersItem(new Parameter()
            .in("query")
            .name("tags")
            .description("tags to filter by")
            .required(false)
            .schema(new StringSchema()));
    findPets.addParametersItem(new Parameter()
            .in("path")
            .name("petId")
            .description("pet to fetch")
            .schema(new IntegerSchema().format("int64")));

    final MediaType personMedia = new MediaType().schema(new Schema().$ref("Person"));
    final ApiResponse okResponse = new ApiResponse()
            .description("pets returned")
            .content(new Content().addMediaType("*/*", personMedia));
    final MediaType errorMedia = new MediaType().schema(new Schema().$ref("Error"));
    final ApiResponse failureResponse = new ApiResponse()
            .description("error response")
            .content(new Content().addMediaType("*/*", errorMedia));

    findPets.responses(new ApiResponses()
            .addApiResponse("200", okResponse)
            .addApiResponse("default", failureResponse));
    // NOTE(review): the operation requires "internal_oauth2" and "api_key", neither of which is
    // registered above. OpenAPI 3 expects every requirement name to match a declared security
    // scheme; presumably the mismatch is deliberate fixture data. Confirm against the JSON resource.
    findPets.addSecurityItem(new SecurityRequirement().addList("internal_oauth2", "user:email"));
    findPets.addSecurityItem(new SecurityRequirement().addList("api_key"));

    oas.path("/pets", new PathItem().get(findPets));

    final String expectedJson = ResourceUtils.loadClassResource(getClass(), "ModelWithSecurityRequirements.json");
    SerializationMatchers.assertEqualsToJson(oas, expectedJson);
}
use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-core by swagger-api.
the class ReaderTest method testSecuritySchemeWithRef.
/**
 * Seeds a {@link Reader} with an {@link OpenAPI} whose components already hold a security scheme
 * named "Security" that carries both a {@code $ref} and inline properties, scans
 * {@code RefSecurityResource}, and compares the result with the expected YAML text.
 */
@Test(description = "SecurityScheme with REf")
public void testSecuritySchemeWithRef() {
    Components components = new Components();
    // $ref is set next to type/name/description/in. In OpenAPI 3.0 the properties beside a $ref are
    // ignored by conforming consumers, so a scheme written this way is ambiguous outside of a
    // serialization test.
    SecurityScheme seededScheme = new SecurityScheme()
            .description("Security Example")
            .name("Security")
            .type(SecurityScheme.Type.OAUTH2)
            .$ref("myOauth2Security")
            .in(SecurityScheme.In.HEADER);
    components.addSecuritySchemes("Security", seededScheme);

    OpenAPI seed = new OpenAPI().info(new Info().description("info")).components(components);
    OpenAPI scanned = new Reader(seed).read(RefSecurityResource.class);

    // NOTE(review): in the expected text the operation requires "security_key", while the schemes
    // listed under components are "Security" and "myOauth2Security". Confirm the fixture is meant to
    // reference an undeclared scheme. The implicit-flow authorizationUrl is a plain-http placeholder;
    // real definitions need an https authorization endpoint.
    String expectedYaml = "openapi: 3.0.1\n"
            + "info:\n"
            + " description: info\n"
            + "paths:\n"
            + " /:\n"
            + " get:\n"
            + " description: description\n"
            + " operationId: Operation Id\n"
            + " responses:\n"
            + " default:\n"
            + " description: default response\n"
            + " content:\n"
            + " '*/*': {}\n"
            + " security:\n"
            + " - security_key:\n"
            + " - write:pets\n"
            + " - read:pets\n"
            + "components:\n"
            + " securitySchemes:\n"
            + " Security:\n"
            + " type: oauth2\n"
            + " description: Security Example\n"
            + " myOauth2Security:\n"
            + " type: oauth2\n"
            + " description: myOauthSecurity Description\n"
            + " $ref: '#/components/securitySchemes/Security'\n"
            + " in: header\n"
            + " flows:\n"
            + " implicit:\n"
            + " authorizationUrl: http://x.com\n"
            + " scopes:\n"
            + " write:pets: modify pets in your account\n";
    SerializationMatchers.assertEqualsToYaml(scanned, expectedYaml);
}
use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-core by swagger-api.
the class ReaderTest method testSetOfClasses.
/**
 * Scans two resource classes in a single {@code Reader.read(Set)} call and checks how many security
 * requirements end up on the GET operations of "/" and "/2", and how many security schemes are
 * registered in components.
 */
@Test(description = "Test a Set of classes")
public void testSetOfClasses() {
    Set<Class<?>> resourceClasses = new HashSet<>();
    resourceClasses.add(SecurityResource.class);
    resourceClasses.add(DuplicatedSecurityResource.class);

    OpenAPI scanned = new Reader(new OpenAPI()).read(resourceClasses);
    assertNotNull(scanned);

    // Requirement counts per operation: 2 on GET "/", 3 on GET "/2".
    assertEquals(scanned.getPaths().get("/").getGet().getSecurity().size(), 2);
    assertEquals(scanned.getPaths().get("/2").getGet().getSecurity().size(), 3);

    Components scannedComponents = scanned.getComponents();
    assertNotNull(scannedComponents);

    // Schemes are keyed by name, so the size below counts distinct scheme names.
    // SECURITY_SCHEMAS is declared elsewhere in the test class.
    Map<String, SecurityScheme> schemesByName = scannedComponents.getSecuritySchemes();
    assertNotNull(schemesByName);
    assertEquals(SECURITY_SCHEMAS, schemesByName.size());
}
use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-core by swagger-api.
the class SecurityParser method getSecurityScheme.
/**
 * Converts a {@code @SecurityScheme} annotation into a model {@link SecurityScheme} plus the key it
 * should be registered under.
 *
 * <p>Every annotation attribute is copied only when it is not blank. No other validation happens
 * here: for example {@code openIdConnectUrl} and {@code ref} are stored as given.
 *
 * @param securityScheme the annotation to convert; may be {@code null}
 * @return empty when {@code securityScheme} is {@code null}; otherwise a pair whose {@code key} is the
 *         annotation's {@code name()}, or {@code null} when that name is blank
 */
public static Optional<SecuritySchemePair> getSecurityScheme(io.swagger.v3.oas.annotations.security.SecurityScheme securityScheme) {
    if (securityScheme == null) {
        return Optional.empty();
    }

    final SecurityScheme model = new SecurityScheme();

    final String location = securityScheme.in().toString();
    if (StringUtils.isNotBlank(location)) {
        model.setIn(getIn(location));
    }
    final String schemeType = securityScheme.type().toString();
    if (StringUtils.isNotBlank(schemeType)) {
        model.setType(getType(schemeType));
    }
    final String openIdConnectUrl = securityScheme.openIdConnectUrl();
    if (StringUtils.isNotBlank(openIdConnectUrl)) {
        model.setOpenIdConnectUrl(openIdConnectUrl);
    }
    final String httpScheme = securityScheme.scheme();
    if (StringUtils.isNotBlank(httpScheme)) {
        model.setScheme(httpScheme);
    }
    final String bearerFormat = securityScheme.bearerFormat();
    if (StringUtils.isNotBlank(bearerFormat)) {
        model.setBearerFormat(bearerFormat);
    }
    final String description = securityScheme.description();
    if (StringUtils.isNotBlank(description)) {
        model.setDescription(description);
    }
    // paramName() becomes the model's name; the annotation's name() is the registration key below.
    final String paramName = securityScheme.paramName();
    if (StringUtils.isNotBlank(paramName)) {
        model.setName(paramName);
    }
    final String reference = securityScheme.ref();
    if (StringUtils.isNotBlank(reference)) {
        model.set$ref(reference);
    }

    if (securityScheme.extensions().length > 0) {
        Map<String, Object> extensions = AnnotationsUtils.getExtensions(securityScheme.extensions());
        if (extensions != null) {
            for (Map.Entry<String, Object> extension : extensions.entrySet()) {
                model.addExtension(extension.getKey(), extension.getValue());
            }
        }
    }

    getOAuthFlows(securityScheme.flows()).ifPresent(flows -> model.setFlows(flows));

    final SecuritySchemePair pair = new SecuritySchemePair();
    // A blank name leaves the key null; callers have to check the key before registering the scheme.
    pair.key = StringUtils.isNotBlank(securityScheme.name()) ? securityScheme.name() : null;
    pair.securityScheme = model;
    return Optional.of(pair);
}
use of io.swagger.v3.oas.models.security.SecurityScheme in project swagger-core by swagger-api.
the class Reader method read.
/**
 * Scans one resource class and merges what it finds into this reader's {@code openAPI} definition.
 *
 * <p>Class-level annotations (definition, security schemes, security requirements, tags, servers,
 * external docs, consumes/produces, deprecation) are read first. Then every method returned by
 * {@code cls.getMethods()} is visited in {@code MethodComparator} order and, unless one of the skip
 * conditions applies, turned into an operation through {@code parseMethod} and attached to a path
 * item. A method that resolves to a sub-resource class is handled by calling this method recursively.
 *
 * @param cls the class to scan
 * @param parentPath path of the enclosing resource, passed to {@code ReaderUtils.getPath} and
 *        {@code ignoreOperationPath}
 * @param parentMethod HTTP method used when the scanned method declares none and
 *        {@code isSubresource} is true
 * @param isSubresource whether {@code cls} is being scanned as a sub-resource
 * @param parentRequestBody forwarded to {@code parseMethod}
 * @param parentResponses forwarded to {@code parseMethod}
 * @param parentTags added to the class tags when {@code isSubresource} is true; may be {@code null}
 * @param parentParameters appended to every resulting operation; may be {@code null}
 * @param scannedResources sub-resource classes currently being scanned; it is read and mutated
 *        without a null check whenever a sub-resource is found
 * @return the reader's {@code openAPI} field; returned as-is when {@code cls} carries {@code @Hidden}
 */
public OpenAPI read(Class<?> cls, String parentPath, String parentMethod, boolean isSubresource, RequestBody parentRequestBody, ApiResponses parentResponses, Set<String> parentTags, List<Parameter> parentParameters, Set<Class<?>> scannedResources) {
Hidden hidden = cls.getAnnotation(Hidden.class);
// class path
final javax.ws.rs.Path apiPath = ReflectionUtils.getAnnotation(cls, javax.ws.rs.Path.class);
// A class annotated with @Hidden contributes nothing: the current definition is returned unchanged.
if (hidden != null) {
// || (apiPath == null && !isSubresource)) {
return openAPI;
}
io.swagger.v3.oas.annotations.responses.ApiResponse[] classResponses = ReflectionUtils.getRepeatableAnnotationsArray(cls, io.swagger.v3.oas.annotations.responses.ApiResponse.class);
List<io.swagger.v3.oas.annotations.security.SecurityScheme> apiSecurityScheme = ReflectionUtils.getRepeatableAnnotations(cls, io.swagger.v3.oas.annotations.security.SecurityScheme.class);
List<io.swagger.v3.oas.annotations.security.SecurityRequirement> apiSecurityRequirements = ReflectionUtils.getRepeatableAnnotations(cls, io.swagger.v3.oas.annotations.security.SecurityRequirement.class);
ExternalDocumentation apiExternalDocs = ReflectionUtils.getAnnotation(cls, ExternalDocumentation.class);
io.swagger.v3.oas.annotations.tags.Tag[] apiTags = ReflectionUtils.getRepeatableAnnotationsArray(cls, io.swagger.v3.oas.annotations.tags.Tag.class);
io.swagger.v3.oas.annotations.servers.Server[] apiServers = ReflectionUtils.getRepeatableAnnotationsArray(cls, io.swagger.v3.oas.annotations.servers.Server.class);
javax.ws.rs.Consumes classConsumes = ReflectionUtils.getAnnotation(cls, javax.ws.rs.Consumes.class);
javax.ws.rs.Produces classProduces = ReflectionUtils.getAnnotation(cls, javax.ws.rs.Produces.class);
boolean classDeprecated = ReflectionUtils.getAnnotation(cls, Deprecated.class) != null;
// OpenApiDefinition
OpenAPIDefinition openAPIDefinition = ReflectionUtils.getAnnotation(cls, OpenAPIDefinition.class);
if (openAPIDefinition != null) {
// info
AnnotationsUtils.getInfo(openAPIDefinition.info()).ifPresent(info -> openAPI.setInfo(info));
// OpenApiDefinition security requirements
// setSecurity replaces the definition-level requirement list on openAPI with the parsed one.
SecurityParser.getSecurityRequirements(openAPIDefinition.security()).ifPresent(s -> openAPI.setSecurity(s));
//
// OpenApiDefinition external docs
AnnotationsUtils.getExternalDocumentation(openAPIDefinition.externalDocs()).ifPresent(docs -> openAPI.setExternalDocs(docs));
// OpenApiDefinition tags
AnnotationsUtils.getTags(openAPIDefinition.tags(), false).ifPresent(tags -> openApiTags.addAll(tags));
// OpenApiDefinition servers
AnnotationsUtils.getServers(openAPIDefinition.servers()).ifPresent(servers -> openAPI.setServers(servers));
// OpenApiDefinition extensions
if (openAPIDefinition.extensions().length > 0) {
openAPI.setExtensions(AnnotationsUtils.getExtensions(openAPIDefinition.extensions()));
}
}
// class security schemes
// Each parsed scheme is registered in components under its key. A scheme whose key is blank is
// dropped without any report. putAll overwrites an entry already stored under the same key, so
// when the same scheme name is declared more than once, the last one merged wins and no conflict
// is raised here.
if (apiSecurityScheme != null) {
for (io.swagger.v3.oas.annotations.security.SecurityScheme securitySchemeAnnotation : apiSecurityScheme) {
Optional<SecurityParser.SecuritySchemePair> securityScheme = SecurityParser.getSecurityScheme(securitySchemeAnnotation);
if (securityScheme.isPresent()) {
Map<String, SecurityScheme> securitySchemeMap = new HashMap<>();
if (StringUtils.isNotBlank(securityScheme.get().key)) {
securitySchemeMap.put(securityScheme.get().key, securityScheme.get().securityScheme);
if (components.getSecuritySchemes() != null && components.getSecuritySchemes().size() != 0) {
components.getSecuritySchemes().putAll(securitySchemeMap);
} else {
components.setSecuritySchemes(securitySchemeMap);
}
}
}
}
}
// class security requirements
// Handed to parseMethod below for every method of this class. How they are combined with
// method-level requirements is decided there and is not visible in this method.
List<SecurityRequirement> classSecurityRequirements = new ArrayList<>();
if (apiSecurityRequirements != null) {
Optional<List<SecurityRequirement>> requirementsObject = SecurityParser.getSecurityRequirements(apiSecurityRequirements.toArray(new io.swagger.v3.oas.annotations.security.SecurityRequirement[apiSecurityRequirements.size()]));
if (requirementsObject.isPresent()) {
classSecurityRequirements = requirementsObject.get();
}
}
// class tags, consider only name to add to class operations
final Set<String> classTags = new LinkedHashSet<>();
if (apiTags != null) {
AnnotationsUtils.getTags(apiTags, false).ifPresent(tags -> tags.stream().map(Tag::getName).forEach(classTags::add));
}
// parent tags
if (isSubresource) {
if (parentTags != null) {
classTags.addAll(parentTags);
}
}
// servers
final List<io.swagger.v3.oas.models.servers.Server> classServers = new ArrayList<>();
if (apiServers != null) {
AnnotationsUtils.getServers(apiServers).ifPresent(classServers::addAll);
}
// class external docs
Optional<io.swagger.v3.oas.models.ExternalDocumentation> classExternalDocumentation = AnnotationsUtils.getExternalDocumentation(apiExternalDocs);
JavaType classType = TypeFactory.defaultInstance().constructType(cls);
BeanDescription bd = Json.mapper().getSerializationConfig().introspect(classType);
final List<Parameter> globalParameters = new ArrayList<>();
// look for constructor-level annotated properties
globalParameters.addAll(ReaderUtils.collectConstructorParameters(cls, components, classConsumes, null));
// look for field-level annotated properties
globalParameters.addAll(ReaderUtils.collectFieldParameters(cls, components, classConsumes, null));
// Make sure that the class methods are sorted for deterministic order
// See https://docs.oracle.com/javase/8/docs/api/java/lang/Class.html#getMethods--
final List<Method> methods = Arrays.stream(cls.getMethods()).sorted(new MethodComparator()).collect(Collectors.toList());
// iterate class methods
for (Method method : methods) {
// Hidden operations are skipped before anything else is read from the method.
if (isOperationHidden(method)) {
continue;
}
AnnotatedMethod annotatedMethod = bd.findMethod(method.getName(), method.getParameterTypes());
javax.ws.rs.Produces methodProduces = ReflectionUtils.getAnnotation(method, javax.ws.rs.Produces.class);
javax.ws.rs.Consumes methodConsumes = ReflectionUtils.getAnnotation(method, javax.ws.rs.Consumes.class);
if (isMethodOverridden(method, cls)) {
continue;
}
boolean methodDeprecated = ReflectionUtils.getAnnotation(method, Deprecated.class) != null;
javax.ws.rs.Path methodPath = ReflectionUtils.getAnnotation(method, javax.ws.rs.Path.class);
String operationPath = ReaderUtils.getPath(apiPath, methodPath, parentPath, isSubresource);
// extending resource config.
if (ignoreOperationPath(operationPath, parentPath) && !isSubresource) {
continue;
}
Map<String, String> regexMap = new LinkedHashMap<>();
operationPath = PathUtils.parsePath(operationPath, regexMap);
// A null path after parsing means the method produces no operation; the loop body ends here for it.
if (operationPath != null) {
if (config != null && ReaderUtils.isIgnored(operationPath, config)) {
continue;
}
final Class<?> subResource = getSubResourceWithJaxRsSubresourceLocatorSpecs(method);
String httpMethod = ReaderUtils.extractOperationMethod(method, OpenAPIExtensions.chain());
// A sub-resource method without its own HTTP method inherits the parent's.
httpMethod = (httpMethod == null && isSubresource) ? parentMethod : httpMethod;
if (StringUtils.isBlank(httpMethod) && subResource == null) {
continue;
} else if (StringUtils.isBlank(httpMethod) && subResource != null) {
Type returnType = method.getGenericReturnType();
if (annotatedMethod != null && annotatedMethod.getType() != null) {
returnType = annotatedMethod.getType();
}
if (shouldIgnoreClass(returnType.getTypeName()) && !method.getGenericReturnType().equals(subResource)) {
continue;
}
}
io.swagger.v3.oas.annotations.Operation apiOperation = ReflectionUtils.getAnnotation(method, io.swagger.v3.oas.annotations.Operation.class);
JsonView jsonViewAnnotation;
JsonView jsonViewAnnotationForRequestBody;
if (apiOperation != null && apiOperation.ignoreJsonView()) {
jsonViewAnnotation = null;
jsonViewAnnotationForRequestBody = null;
} else {
jsonViewAnnotation = ReflectionUtils.getAnnotation(method, JsonView.class);
/* If one and only one exists, use the @JsonView annotation from the method parameter annotated
with @RequestBody. Otherwise fall back to the @JsonView annotation for the method itself. */
// NOTE(review): Stream.reduce(BinaryOperator) is documented to throw NullPointerException when the
// reduction result is null, so with more than one matching @JsonView the reducer below would
// throw instead of falling back to the method-level annotation. Confirm with a test.
jsonViewAnnotationForRequestBody = (JsonView) Arrays.stream(ReflectionUtils.getParameterAnnotations(method)).filter(arr -> Arrays.stream(arr).anyMatch(annotation -> annotation.annotationType().equals(io.swagger.v3.oas.annotations.parameters.RequestBody.class))).flatMap(Arrays::stream).filter(annotation -> annotation.annotationType().equals(JsonView.class)).reduce((a, b) -> null).orElse(jsonViewAnnotation);
}
Operation operation = parseMethod(method, globalParameters, methodProduces, classProduces, methodConsumes, classConsumes, classSecurityRequirements, classExternalDocumentation, classTags, classServers, isSubresource, parentRequestBody, parentResponses, jsonViewAnnotation, classResponses, annotatedMethod);
if (operation != null) {
if (classDeprecated || methodDeprecated) {
operation.setDeprecated(true);
}
List<Parameter> operationParameters = new ArrayList<>();
List<Parameter> formParameters = new ArrayList<>();
Annotation[][] paramAnnotations = ReflectionUtils.getParameterAnnotations(method);
// The two branches below resolve parameters the same way; they differ only in where the
// parameter types come from (reflection vs. the Jackson AnnotatedMethod).
if (annotatedMethod == null) {
// annotatedMethod not null only when method with 0-2 parameters
Type[] genericParameterTypes = method.getGenericParameterTypes();
for (int i = 0; i < genericParameterTypes.length; i++) {
final Type type = TypeFactory.defaultInstance().constructType(genericParameterTypes[i], cls);
io.swagger.v3.oas.annotations.Parameter paramAnnotation = AnnotationsUtils.getAnnotation(io.swagger.v3.oas.annotations.Parameter.class, paramAnnotations[i]);
Type paramType = ParameterProcessor.getParameterType(paramAnnotation, true);
// Use the annotation-supplied type only when it is a plain Class; otherwise keep the resolved type.
if (paramType == null) {
paramType = type;
} else {
if (!(paramType instanceof Class)) {
paramType = type;
}
}
ResolvedParameter resolvedParameter = getParameters(paramType, Arrays.asList(paramAnnotations[i]), operation, classConsumes, methodConsumes, jsonViewAnnotation);
operationParameters.addAll(resolvedParameter.parameters);
// collect params to use together as request Body
formParameters.addAll(resolvedParameter.formParameters);
if (resolvedParameter.requestBody != null) {
processRequestBody(resolvedParameter.requestBody, operation, methodConsumes, classConsumes, operationParameters, paramAnnotations[i], type, jsonViewAnnotationForRequestBody, null);
}
}
} else {
for (int i = 0; i < annotatedMethod.getParameterCount(); i++) {
AnnotatedParameter param = annotatedMethod.getParameter(i);
final Type type = TypeFactory.defaultInstance().constructType(param.getParameterType(), cls);
io.swagger.v3.oas.annotations.Parameter paramAnnotation = AnnotationsUtils.getAnnotation(io.swagger.v3.oas.annotations.Parameter.class, paramAnnotations[i]);
Type paramType = ParameterProcessor.getParameterType(paramAnnotation, true);
// Use the annotation-supplied type only when it is a plain Class; otherwise keep the resolved type.
if (paramType == null) {
paramType = type;
} else {
if (!(paramType instanceof Class)) {
paramType = type;
}
}
ResolvedParameter resolvedParameter = getParameters(paramType, Arrays.asList(paramAnnotations[i]), operation, classConsumes, methodConsumes, jsonViewAnnotation);
operationParameters.addAll(resolvedParameter.parameters);
// collect params to use together as request Body
formParameters.addAll(resolvedParameter.formParameters);
if (resolvedParameter.requestBody != null) {
processRequestBody(resolvedParameter.requestBody, operation, methodConsumes, classConsumes, operationParameters, paramAnnotations[i], type, jsonViewAnnotationForRequestBody, null);
}
}
}
// if we have form parameters, need to merge them into single schema and use as request body..
if (!formParameters.isEmpty()) {
Schema mergedSchema = new ObjectSchema();
Map<String, Encoding> encoding = new LinkedHashMap<>();
for (Parameter formParam : formParameters) {
// An Encoding entry is recorded when explode is set, or when the style maps to an Encoding style.
if (formParam.getExplode() != null || (formParam.getStyle() != null) && Encoding.StyleEnum.fromString(formParam.getStyle().toString()) != null) {
Encoding e = new Encoding();
if (formParam.getExplode() != null) {
e.explode(formParam.getExplode());
}
if (formParam.getStyle() != null && Encoding.StyleEnum.fromString(formParam.getStyle().toString()) != null) {
e.style(Encoding.StyleEnum.fromString(formParam.getStyle().toString()));
}
encoding.put(formParam.getName(), e);
}
mergedSchema.addProperties(formParam.getName(), formParam.getSchema());
// Copy the parameter description onto its schema only when the schema has none of its own.
if (formParam.getSchema() != null && StringUtils.isNotBlank(formParam.getDescription()) && StringUtils.isBlank(formParam.getSchema().getDescription())) {
formParam.getSchema().description(formParam.getDescription());
}
if (null != formParam.getRequired() && formParam.getRequired()) {
mergedSchema.addRequiredItem(formParam.getName());
}
}
Parameter merged = new Parameter().schema(mergedSchema);
processRequestBody(merged, operation, methodConsumes, classConsumes, operationParameters, new Annotation[0], null, jsonViewAnnotationForRequestBody, encoding);
}
if (!operationParameters.isEmpty()) {
for (Parameter operationParameter : operationParameters) {
operation.addParametersItem(operationParameter);
}
}
// if subresource, merge parent parameters
if (parentParameters != null) {
for (Parameter parentParameter : parentParameters) {
operation.addParametersItem(parentParameter);
}
}
// The class is added to scannedResources before the recursive call and removed after it, so a
// sub-resource already being scanned further up the call chain is not entered again. The value
// returned by the recursive call is not used.
if (subResource != null && !scannedResources.contains(subResource)) {
scannedResources.add(subResource);
read(subResource, operationPath, httpMethod, true, operation.getRequestBody(), operation.getResponses(), classTags, operation.getParameters(), scannedResources);
// remove the sub resource so that it can visit it later in another path
// but we have a room for optimization in the future to reuse the scanned result
// by caching the scanned resources in the reader instance to avoid actual scanning
// the resources again
scannedResources.remove(subResource);
// don't proceed with root resource operation, as it's handled by subresource
continue;
}
// Only the first extension is invoked directly; it receives the iterator over the remaining ones.
final Iterator<OpenAPIExtension> chain = OpenAPIExtensions.chain();
if (chain.hasNext()) {
final OpenAPIExtension extension = chain.next();
extension.decorateOperation(operation, method, chain);
}
// Reuse the path item already registered for this path, if any, so operations accumulate on it.
PathItem pathItemObject;
if (openAPI.getPaths() != null && openAPI.getPaths().get(operationPath) != null) {
pathItemObject = openAPI.getPaths().get(operationPath);
} else {
pathItemObject = new PathItem();
}
if (StringUtils.isBlank(httpMethod)) {
continue;
}
setPathItemOperation(pathItemObject, httpMethod, operation);
paths.addPathItem(operationPath, pathItemObject);
if (openAPI.getPaths() != null) {
this.paths.putAll(openAPI.getPaths());
}
openAPI.setPaths(this.paths);
}
}
}
// if no components object is defined in openApi instance passed by client, set openAPI.components to resolved components (if not empty)
// NOTE(review): when openAPI already has components, nothing is copied here. Presumably the
// `components` field is that same instance in that case, so schemes registered above still reach
// the output. Confirm where the field is initialised.
if (!isEmptyComponents(components) && openAPI.getComponents() == null) {
openAPI.setComponents(components);
}
// add tags from class to definition tags
AnnotationsUtils.getTags(apiTags, true).ifPresent(tags -> openApiTags.addAll(tags));
if (!openApiTags.isEmpty()) {
// Tags already on openAPI are added first, then the collected ones; a tag is skipped when one
// with the same name is already in the set.
Set<Tag> tagsSet = new LinkedHashSet<>();
if (openAPI.getTags() != null) {
for (Tag tag : openAPI.getTags()) {
if (tagsSet.stream().noneMatch(t -> t.getName().equals(tag.getName()))) {
tagsSet.add(tag);
}
}
}
for (Tag tag : openApiTags) {
if (tagsSet.stream().noneMatch(t -> t.getName().equals(tag.getName()))) {
tagsSet.add(tag);
}
}
openAPI.setTags(new ArrayList<>(tagsSet));
}
return openAPI;
}