Bean validation integration

api/src/main/java/org/eclipse/microprofile/openapi/OASConfig.java

@@ -67,6 +67,11 @@ private OASConfig() {
      */
     public static final String SCAN_EXCLUDE_CLASSES = "mp.openapi.scan.exclude.classes";
 
+    /**
+     * Configuration property to enable or disable scanning Jakarta Bean Validation annotations
+     */
+    public static final String SCAN_BEANVALIDATION = "mp.openapi.scan.beanvalidation";
+
     /**
      * Configuration property to specify the list of global servers that provide connectivity information.
      * 

api/src/main/java/org/eclipse/microprofile/openapi/annotations/OpenAPIDefinition.java

@@ -69,8 +69,8 @@
     /**
      * A declaration of which security mechanisms can be used across the API.
      * <p>
-     * Adding a {@code SecurityRequirement} to this array is equivalent to adding a {@code SecurityRequirementsSet} containing
-     * a single {@code SecurityRequirement} to {@link #securitySets()}.
+     * Adding a {@code SecurityRequirement} to this array is equivalent to adding a {@code SecurityRequirementsSet}
+     * containing a single {@code SecurityRequirement} to {@link #securitySets()}.
      * 
      * @return the array of security requirements for this API
      */

api/src/main/java/org/eclipse/microprofile/openapi/annotations/security/SecurityRequirements.java

@@ -25,8 +25,8 @@
 /**
  * Container annotation for repeated {@link SecurityRequirement} annotations.
  * <p>
- * Note that <em>each</em> {@code SecurityRequirement} annotation is equivalent to a {@link SecurityRequirementsSet} annotation containing only that
- * annotation.
+ * Note that <em>each</em> {@code SecurityRequirement} annotation is equivalent to a {@link SecurityRequirementsSet}
+ * annotation containing only that annotation.
  * 
  * <pre>
  * <b>Example:</b> 

api/src/main/java/org/eclipse/microprofile/openapi/annotations/security/SecurityRequirementsSet.java

@@ -26,18 +26,21 @@
 import org.eclipse.microprofile.openapi.annotations.OpenAPIDefinition;
 
 /**
- * This annotation represents a set of security requirements which permit access to an operation if all of them are satisfied.
+ * This annotation represents a set of security requirements which permit access to an operation if all of them are
+ * satisfied.
  * <p>
- * If this annotation is applied to a method which corresponds to an operation, then the requirements will be added to that operation.
+ * If this annotation is applied to a method which corresponds to an operation, then the requirements will be added to
+ * that operation.
  * <p>
- * If this annotation is applied to a class which contains methods which correspond to operations, then the requirements will be added to all
- * operations corresponding to methods within that class which don't specify any other requirements.
+ * If this annotation is applied to a class which contains methods which correspond to operations, then the requirements
+ * will be added to all operations corresponding to methods within that class which don't specify any other
+ * requirements.
  * <p>
- * Security requirements can be specified for the whole API using {@link OpenAPIDefinition#securitySets()}. Security requirements specified
- * for individual operations override those specified for the whole API.
+ * Security requirements can be specified for the whole API using {@link OpenAPIDefinition#securitySets()}. Security
+ * requirements specified for individual operations override those specified for the whole API.
  * <p>
- * If multiple security requirement sets are specified for an operation, then a user must satisfy all of the requirements within any one of the sets
- * to access the operation.
+ * If multiple security requirement sets are specified for an operation, then a user must satisfy all of the
+ * requirements within any one of the sets to access the operation.
  * <p>
  * An empty security requirement set indicates that authentication is not required.
  * <p>
@@ -51,8 +54,8 @@
  * </pre>
  * 
  * @see <a href=
- * "https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#security-requirement-object">SecurityRequirement
- * Object</a>
+ *      "https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#security-requirement-object">SecurityRequirement
+ *      Object</a>
  **/
 @Target({ElementType.METHOD, ElementType.TYPE})
 @Retention(RetentionPolicy.RUNTIME)

api/src/main/java/org/eclipse/microprofile/openapi/annotations/security/SecurityRequirementsSets.java

@@ -24,18 +24,23 @@
 import java.lang.annotation.Target;
 
 /**
- * Represents an array of security requirement sets that apply to an operation. Only one of requirement sets needs be satisfied to access the
- * operation.
+ * Represents an array of security requirement sets that apply to an operation. Only one of requirement sets needs be
+ * satisfied to access the operation.
  * <p>
- * If this annotation is applied to a method which corresponds to an operation, then the requirements will be added to that operation.
+ * If this annotation is applied to a method which corresponds to an operation, then the requirements will be added to
+ * that operation.
  * <p>
- * If this annotation is applied to a class which contains methods which correspond to operations, then the requirements will be added to all
- * operations corresponding to methods within that class which don't specify any other requirements.
+ * If this annotation is applied to a class which contains methods which correspond to operations, then the requirements
+ * will be added to all operations corresponding to methods within that class which don't specify any other
+ * requirements.
  * <p>
- * This annotation may be used with {@code value} set to an empty array. When applied like this to a method or class, it indicates that no security
- * requirements apply to the corresponding operations. This can be used to override security requirements which are specified for the whole API.
+ * This annotation may be used with {@code value} set to an empty array. When applied like this to a method or class, it
+ * indicates that no security requirements apply to the corresponding operations. This can be used to override security
+ * requirements which are specified for the whole API.
  * <p>
- * A {@code SecurityRequirementSets} annotation corresponds to an array of maps of security requirements in an OpenAPI document.
+ * A {@code SecurityRequirementSets} annotation corresponds to an array of maps of security requirements in an OpenAPI
+ * document.
+ * 
  * <pre>
  * <b>Example:</b> 
  * security: 

api/src/main/java/org/eclipse/microprofile/openapi/package-info.java

@@ -16,6 +16,6 @@
  * v3 documents from their JAX-RS applications.
  */
 
-@org.osgi.annotation.versioning.Version("2.0")
+@org.osgi.annotation.versioning.Version("2.1")
 @org.osgi.annotation.versioning.ProviderType
 package org.eclipse.microprofile.openapi;

spec/src/main/asciidoc/microprofile-openapi-spec.asciidoc

@@ -119,6 +119,10 @@ Configuration property to specify the list of packages to exclude from scans. Fo
 Configuration property to specify the list of classes to exclude from scans. For example,
 `mp.openapi.scan.exclude.classes=com.xyz.MyClassC,com.xyz.MyClassD`
 
+[#scan-beanvalidation-config]
+`mp.openapi.scan.beanvalidation`::
+Configuration property to enable or disable the scanning and processing of Jakarta Bean Validation annotations. Defaults to `true`.
+
 `mp.openapi.servers`::
 Configuration property to specify the list of global servers that provide connectivity information. For example,
 `mp.openapi.servers=https://xyz.com/v1,https://abc.com/v1`
@@ -573,6 +577,48 @@ post:
 
 For more samples please see the https://github.com/eclipse/microprofile-open-api/wiki[MicroProfile Wiki].
 
+==== Jakarta Bean Validation Annotations
+
+In some cases, additional schema restrictions can be inferred from Jakarta Bean Validation annotations and used to enhance the generated OpenAPI document.
+
+Implementations are required to process Jakarta Bean Validation annotations and add the properties listed in the table below to the schema model when:
+* the annotation is applied to to an element for which a schema is generated and
+* the annotation and generated schema type are listed together in the table below and
+* the annotation has a `group` attribute which is empty or includes `jakarta.validation.groups.Default` and
+* the user has not set any of the relevant property values using other annotations and
+* processing of bean validation annotations has not been disabled <<scan-beanvalidation-config,via configuration>>
+
+|===
+| Annotation | Schema type | Schema properties to set
+| `@NotEmpty` | `string` | `minLength = 1`
+| `@NotEmpty` | `array` | `minItems = 1`
+| `@NotEmpty` | `object` | `minProperties = 1`
+| `@NotBlank` | `string` | `pattern = \S`
+| `@Size(min = a, max = b)` | `string`
+| `minLength = a` +
+`maxLenth = b`
+| `@Size(min = a, max = b)` | `array`
+| `minItems = a` +
+`maxItems = b`
+| `@Size(min = a, max = b)` | `object`
+| `minProperties = a` +
+`maxProperties = b`
+| `@DecimalMax(value = a)` | `number` or `integer` | `maximum = a`
+| `@DecimalMax(value = a, exclusive = false)` | `number` or `integer` | `maximum = a` +
+`exclusiveMaximum = true`
+| `@DecimalMin(value = a)` | `number` or `integer` | `minimum = a`
+| `@DecimalMin(value = a, exclusive = false)` | `number` or `integer` | `minimum = a` +
+`exclusiveMinimum = true`
+| `@Max(a)` | `number` or `integer` | `maximum = a`
+| `@Min(a)` | `number` or `integer` | `minimum = a`
+| `@Negative` | `number` or `integer` | `maximum = 0` +
+`exclusiveMaximum = true`
+| `@NegativeOrZero` | `number` or `integer` | `maximum = 0`
+| `@Positive` | `number` or `integer` | `minimum = 0` +
+`exclusiveMinimum = true`
+| `@PositiveOrZero` | `number` or `integer` | `minimum = 0`
+|===
+
 === Static OpenAPI files
 
 Application developers may wish to include a pre-generated OpenAPI document that

tck/pom.xml

@@ -49,6 +49,12 @@
             <version>3.0.0</version>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>jakarta.validation</groupId>
+            <artifactId>jakarta.validation-api</artifactId>
+            <version>3.0.0</version>
+            <scope>provided</scope>
+        </dependency>
 
         <dependency>
             <groupId>org.testng</groupId>

tck/src/main/java/org/eclipse/microprofile/openapi/apps/beanvalidation/BeanValidationApp.java

@@ -0,0 +1,24 @@
+/**
+ * Copyright (c) 2022 Contributors to the Eclipse Foundation
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.eclipse.microprofile.openapi.apps.beanvalidation;
+
+import jakarta.ws.rs.ApplicationPath;
+import jakarta.ws.rs.core.Application;
+
+@ApplicationPath("/")
+public class BeanValidationApp extends Application {
+
+}