OpenAPITools · ersinciftci · Feb 21, 2020
diff --git a/modules/openapi-generator/src/main/resources/JavaSpring/api.mustache b/modules/openapi-generator/src/main/resources/JavaSpring/api.mustache
@@ -17,6 +17,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 {{/jdk8-no-delegate}}
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 {{#useBeanValidation}}
 import org.springframework.validation.annotation.Validated;
 {{/useBeanValidation}}
@@ -122,6 +123,13 @@ public interface {{classname}} {
     {{/headerParams}}
     })
     {{/implicitHeaders}}
+    {{#hasAuthMethods}}
+        {{#authMethods}}
+            {{#isOAuth}}
+    @PreAuthorize("{{#scopes}}hasAuthority('SCOPE_{{scope}}'){{#hasMore}} and {{/hasMore}}{{/scopes}}")
+            {{/isOAuth}}
+        {{/authMethods}}
+    {{/hasAuthMethods}}
     @RequestMapping(value = "{{{path}}}",{{#singleContentTypes}}{{#hasProduces}}
         produces = "{{{vendorExtensions.x-accepts}}}", {{/hasProduces}}{{#hasConsumes}}
         consumes = "{{{vendorExtensions.x-contentType}}}",{{/hasConsumes}}{{/singleContentTypes}}{{^singleContentTypes}}{{#hasProduces}}

diff --git a/samples/client/petstore/spring-cloud-async/src/main/java/org/openapitools/api/PetApi.java b/samples/client/petstore/spring-cloud-async/src/main/java/org/openapitools/api/PetApi.java
@@ -12,6 +12,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -48,6 +49,7 @@ public interface PetApi {
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 405, message = "Invalid input") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet",
         consumes = "application/json",
         method = RequestMethod.POST)
@@ -69,6 +71,7 @@ public interface PetApi {
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 400, message = "Invalid pet value") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/{petId}",
         method = RequestMethod.DELETE)
     CompletableFuture<ResponseEntity<Void>> deletePet(@ApiParam(value = "Pet id to delete",required=true) @PathVariable("petId") Long petId,@ApiParam(value = "" ) @RequestHeader(value="api_key", required=false) String apiKey);
@@ -91,6 +94,7 @@ public interface PetApi {
     @ApiResponses(value = { 
         @ApiResponse(code = 200, message = "successful operation", response = Pet.class, responseContainer = "List"),
         @ApiResponse(code = 400, message = "Invalid status value") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/findByStatus",
         produces = "application/json", 
         method = RequestMethod.GET)
@@ -115,6 +119,7 @@ public interface PetApi {
     @ApiResponses(value = { 
         @ApiResponse(code = 200, message = "successful operation", response = Pet.class, responseContainer = "List"),
         @ApiResponse(code = 400, message = "Invalid tag value") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/findByTags",
         produces = "application/json", 
         method = RequestMethod.GET)
@@ -161,6 +166,7 @@ public interface PetApi {
         @ApiResponse(code = 400, message = "Invalid ID supplied"),
         @ApiResponse(code = 404, message = "Pet not found"),
         @ApiResponse(code = 405, message = "Validation exception") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet",
         consumes = "application/json",
         method = RequestMethod.PUT)
@@ -183,6 +189,7 @@ public interface PetApi {
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 405, message = "Invalid input") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/{petId}",
         consumes = "application/x-www-form-urlencoded",
         method = RequestMethod.POST)
@@ -205,6 +212,7 @@ public interface PetApi {
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 200, message = "successful operation", response = ModelApiResponse.class) })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/{petId}/uploadImage",
         produces = "application/json", 
         consumes = "multipart/form-data",

diff --git a/samples/client/petstore/spring-cloud-async/src/main/java/org/openapitools/api/StoreApi.java b/samples/client/petstore/spring-cloud-async/src/main/java/org/openapitools/api/StoreApi.java
@@ -11,6 +11,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;

diff --git a/samples/client/petstore/spring-cloud-async/src/main/java/org/openapitools/api/UserApi.java b/samples/client/petstore/spring-cloud-async/src/main/java/org/openapitools/api/UserApi.java
@@ -11,6 +11,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;

diff --git a/samples/client/petstore/spring-cloud/src/main/java/org/openapitools/api/PetApi.java b/samples/client/petstore/spring-cloud/src/main/java/org/openapitools/api/PetApi.java
@@ -12,6 +12,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -47,6 +48,7 @@ public interface PetApi {
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 405, message = "Invalid input") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet",
         consumes = "application/json",
         method = RequestMethod.POST)
@@ -68,6 +70,7 @@ public interface PetApi {
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 400, message = "Invalid pet value") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/{petId}",
         method = RequestMethod.DELETE)
     com.netflix.hystrix.HystrixCommand<ResponseEntity<Void>> deletePet(@ApiParam(value = "Pet id to delete",required=true) @PathVariable("petId") Long petId,@ApiParam(value = "" ) @RequestHeader(value="api_key", required=false) String apiKey);
@@ -90,6 +93,7 @@ public interface PetApi {
     @ApiResponses(value = { 
         @ApiResponse(code = 200, message = "successful operation", response = Pet.class, responseContainer = "List"),
         @ApiResponse(code = 400, message = "Invalid status value") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/findByStatus",
         produces = "application/json", 
         method = RequestMethod.GET)
@@ -114,6 +118,7 @@ public interface PetApi {
     @ApiResponses(value = { 
         @ApiResponse(code = 200, message = "successful operation", response = Pet.class, responseContainer = "List"),
         @ApiResponse(code = 400, message = "Invalid tag value") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/findByTags",
         produces = "application/json", 
         method = RequestMethod.GET)
@@ -160,6 +165,7 @@ public interface PetApi {
         @ApiResponse(code = 400, message = "Invalid ID supplied"),
         @ApiResponse(code = 404, message = "Pet not found"),
         @ApiResponse(code = 405, message = "Validation exception") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet",
         consumes = "application/json",
         method = RequestMethod.PUT)
@@ -182,6 +188,7 @@ public interface PetApi {
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 405, message = "Invalid input") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/{petId}",
         consumes = "application/x-www-form-urlencoded",
         method = RequestMethod.POST)
@@ -204,6 +211,7 @@ public interface PetApi {
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 200, message = "successful operation", response = ModelApiResponse.class) })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/{petId}/uploadImage",
         produces = "application/json", 
         consumes = "multipart/form-data",

diff --git a/samples/client/petstore/spring-cloud/src/main/java/org/openapitools/api/StoreApi.java b/samples/client/petstore/spring-cloud/src/main/java/org/openapitools/api/StoreApi.java
@@ -11,6 +11,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;

diff --git a/samples/client/petstore/spring-cloud/src/main/java/org/openapitools/api/UserApi.java b/samples/client/petstore/spring-cloud/src/main/java/org/openapitools/api/UserApi.java
@@ -11,6 +11,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;

diff --git a/samples/client/petstore/spring-stubs/src/main/java/org/openapitools/api/PetApi.java b/samples/client/petstore/spring-stubs/src/main/java/org/openapitools/api/PetApi.java
@@ -12,6 +12,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -51,6 +52,7 @@ default Optional<NativeWebRequest> getRequest() {
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 405, message = "Invalid input") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet",
         consumes = "application/json",
         method = RequestMethod.POST)
@@ -75,6 +77,7 @@ default ResponseEntity<Void> addPet(@ApiParam(value = "Pet object that needs to
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 400, message = "Invalid pet value") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/{petId}",
         method = RequestMethod.DELETE)
     default ResponseEntity<Void> deletePet(@ApiParam(value = "Pet id to delete",required=true) @PathVariable("petId") Long petId,@ApiParam(value = "" ) @RequestHeader(value="api_key", required=false) String apiKey) {
@@ -100,6 +103,7 @@ default ResponseEntity<Void> deletePet(@ApiParam(value = "Pet id to delete",requ
     @ApiResponses(value = { 
         @ApiResponse(code = 200, message = "successful operation", response = Pet.class, responseContainer = "List"),
         @ApiResponse(code = 400, message = "Invalid status value") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/findByStatus",
         produces = "application/json", 
         method = RequestMethod.GET)
@@ -141,6 +145,7 @@ default ResponseEntity<List<Pet>> findPetsByStatus(@NotNull @ApiParam(value = "S
     @ApiResponses(value = { 
         @ApiResponse(code = 200, message = "successful operation", response = Pet.class, responseContainer = "List"),
         @ApiResponse(code = 400, message = "Invalid tag value") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/findByTags",
         produces = "application/json", 
         method = RequestMethod.GET)
@@ -221,6 +226,7 @@ default ResponseEntity<Pet> getPetById(@ApiParam(value = "ID of pet to return",r
         @ApiResponse(code = 400, message = "Invalid ID supplied"),
         @ApiResponse(code = 404, message = "Pet not found"),
         @ApiResponse(code = 405, message = "Validation exception") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet",
         consumes = "application/json",
         method = RequestMethod.PUT)
@@ -246,6 +252,7 @@ default ResponseEntity<Void> updatePet(@ApiParam(value = "Pet object that needs
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 405, message = "Invalid input") })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/{petId}",
         consumes = "application/x-www-form-urlencoded",
         method = RequestMethod.POST)
@@ -271,6 +278,7 @@ default ResponseEntity<Void> updatePetWithForm(@ApiParam(value = "ID of pet that
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 200, message = "successful operation", response = ModelApiResponse.class) })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/pet/{petId}/uploadImage",
         produces = "application/json", 
         consumes = "multipart/form-data",

diff --git a/samples/client/petstore/spring-stubs/src/main/java/org/openapitools/api/StoreApi.java b/samples/client/petstore/spring-stubs/src/main/java/org/openapitools/api/StoreApi.java
@@ -11,6 +11,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;

diff --git a/samples/client/petstore/spring-stubs/src/main/java/org/openapitools/api/UserApi.java b/samples/client/petstore/spring-stubs/src/main/java/org/openapitools/api/UserApi.java
@@ -11,6 +11,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;

diff --git a/...erver/petstore/spring-mvc-j8-async/src/main/java/org/openapitools/api/AnotherFakeApi.java b/...erver/petstore/spring-mvc-j8-async/src/main/java/org/openapitools/api/AnotherFakeApi.java
@@ -10,6 +10,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;

diff --git a/samples/server/petstore/spring-mvc-j8-async/src/main/java/org/openapitools/api/FakeApi.java b/samples/server/petstore/spring-mvc-j8-async/src/main/java/org/openapitools/api/FakeApi.java
@@ -20,6 +20,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -383,6 +384,7 @@ default CompletableFuture<ResponseEntity<Void>> testQueryParameterCollectionForm
     }, tags={ "pet", })
     @ApiResponses(value = { 
         @ApiResponse(code = 200, message = "successful operation", response = ModelApiResponse.class) })
+    @PreAuthorize("hasAuthority('SCOPE_write:pets') and hasAuthority('SCOPE_read:pets')")
     @RequestMapping(value = "/fake/{petId}/uploadImageWithRequiredFile",
         produces = { "application/json" }, 
         consumes = { "multipart/form-data" },

diff --git a/...petstore/spring-mvc-j8-async/src/main/java/org/openapitools/api/FakeClassnameTestApi.java b/...petstore/spring-mvc-j8-async/src/main/java/org/openapitools/api/FakeClassnameTestApi.java
@@ -10,6 +10,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;