-
-
Notifications
You must be signed in to change notification settings - Fork 6.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Java][Spring] Add OAuth2 Preauthorize annotations based on scope #6358
base: master
Are you sure you want to change the base?
Conversation
@wing328 let's ignore how long it took me to fix my pr 😄 |
Let me know if there's anything else I should do! |
Based off the sample, I created https://github.com/nhomble/spring-security-openapi-demo to try things out more extensively. Two things I observed which should get resolved:
|
@wing328 @diyfr @bbdouglas (2017/07) @sreeshas (2017/08) @jfiala (2017/08) @lukoyanov (2017/09) @cbornet (2017/09) @jeff9finger (2018/01) @karismann (2019/03) @Zomzog (2019/04) @lwlee2608 (2019/10) @bkabrda (2020/01) Appreciate we can get some eyes on this - we are trying to adopt openapi-generator and are currently blocked due to the lack of |
@nhomble thanks for the PR. Can you please resolve the merge conflicts when you've time? |
…rator into OpenAPIToolsgh-1975-VI � Conflicts: � bin/spring-all-petstore.sh � modules/openapi-generator/src/test/java/org/openapitools/codegen/java/spring/SpringCodegenTest.java
no problem @wing328 - I'll resolve the conflicts tomorrow and then on a separate commit I'll propose changes for the two points I raised earlier about spring dependencies and the bug. |
break; | ||
} | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cc @OpenAPITools/generator-core-team for review
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am happy to move this to a separate changeset as well so that this pr is focused on preauthorize being a capability on eligible authMethods and we can consider bearerAuth being another scheme later
travis error seems unrelated
|
@wing328 is there a way to retrigger the ci manually? otherwise I can push a dummy commit since I don't think the error applies to this changeset |
We've addressed that issue in the latest master. Please merge the latest master into your branch to fix it. |
…rator into OpenAPIToolsgh-1975-VI � Conflicts: � bin/spring-all-petstore.sh � modules/openapi-generator/src/test/java/org/openapitools/codegen/java/spring/SpringCodegenTest.java
Pulled from master and there's an auth issue:
happy to help but I am not sure what I can do from my side othewise I can pull if there is another fix pending on master |
…nAPIToolsgh-1975-VI # Conflicts: # bin/spring-all-petstore.sh # modules/openapi-generator/src/test/java/org/openapitools/codegen/java/spring/SpringCodegenTest.java
As @Walliee mentioned previously, I am doing some workarounds in order to have OpenAPI working and this is a major one. |
Any update on when this can be merged into the releases? @bogdantudor74 Can you please describe the workaround you have in place? We tried a few things without luck. |
@@ -123,6 +126,11 @@ public interface {{classname}} { | |||
{{/headerParams}} | |||
}) | |||
{{/implicitHeaders}} | |||
{{#hasAuthMethods}} | |||
{{#useSpringSecurity}} | |||
@PreAuthorize("{{#authMethods}}{{#isOAuth}}({{#scopes}}hasAuthority('{{scope}}'){{#hasMore}} and {{/hasMore}}{{/scopes}}){{/isOAuth}}{{#isBasicBearer}}({{#scopes}}hasAuthority('{{scope}}'){{#hasMore}} and {{/hasMore}}{{/scopes}}){{/isBasicBearer}}{{#hasMore}} or {{/hasMore}}{{/authMethods}}") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will basicbearer auth method have scopes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nevermind.. looks like the PR is adding the capability to do this.
I have written for now a custom annotation which parses the generated @authorization annotations that are present in the Api interface. |
Hey, how is the progress in here? Do you need any help? |
@felixklauke I think this is related to this issue. So at first there must be way how to create structure for securities where we will be able to decide whether it's Proposal about which I was chatting with @jimschubert is to create another structure in |
@bogdantudor74 can you provide a sample for this custom annotation? I'm interested on this. |
here is what we did - this is how our swagger doc looks like - x-custom-role
and then we created a custom template for api.mustache
|
PR checklist
./bin/
(or Windows batch scripts under.\bin\windows
) to update Petstore samples related to your fix. This is important, as CI jobs will verify all generator outputs of your HEAD commit, and these must match the expectations made by your contribution. You only need to run./bin/{LANG}-petstore.sh
,./bin/openapi3/{LANG}-petstore.sh
if updating the code or mustache templates for a language ({LANG}
) (e.g. php, ruby, python, etc).master
,4.3.x
,5.0.x
. Default:master
.FYI @wing328
And to copy other members you cc'd in the other pr
cc @bbdouglas (2017/07) @sreeshas (2017/08) @jfiala (2017/08) @lukoyanov (2017/09) @cbornet (2017/09) @jeff9finger (2018/01) @karismann (2019/03) @Zomzog (2019/04) @lwlee2608 (2019/10) @bkabrda (2020/01)
@patrick-zinner I didn't lose your fix from the previous pr. You will see it incorporated here.
Fixes #1975