Merge pull request #1380 from xhh/java-global-security

Apply global security to operations when necessary
2015-10-16 12:50:41 +08:00
parent ab026fdde3 a1fa0b0834
commit 084e7f7199
7 changed files with 1132 additions and 14 deletions
--- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/DefaultGenerator.java
+++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/DefaultGenerator.java
@@ -12,6 +12,7 @@ import io.swagger.models.License;
 import io.swagger.models.Model;
 import io.swagger.models.Operation;
 import io.swagger.models.Path;
+import io.swagger.models.SecurityRequirement;
 import io.swagger.models.Swagger;
 import io.swagger.models.auth.OAuth2Definition;
 import io.swagger.models.auth.SecuritySchemeDefinition;
@@ -476,16 +477,25 @@ public class DefaultGenerator extends AbstractGenerator implements Generator {
                    config.addOperationToGroup(sanitizeTag(tag), resourcePath, operation, co, operations);

                    List<Map<String, List<String>>> securities = operation.getSecurity();
-                    if (securities == null) {
+                    if (securities == null && swagger.getSecurity() != null) {
+                        securities = new ArrayList<Map<String, List<String>>>();
+                        for (SecurityRequirement sr : swagger.getSecurity()) {
+                            securities.add(sr.getRequirements());
+                        }
+                    }
+                    if (securities == null || securities.isEmpty()) {
                        continue;
                    }
                    Map<String, SecuritySchemeDefinition> authMethods = new HashMap<String, SecuritySchemeDefinition>();
-                    for (Map<String, List<String>> security : securities) {
-                        if (security.size() != 1) {
-                            //Not sure what to do
-                            continue;
-                        }
-                        String securityName = security.keySet().iterator().next();
+                    // NOTE: Use only the first security requirement for now.
+                    // See the "security" field of "Swagger Object":
+                    //  https://github.com/swagger-api/swagger-spec/blob/master/versions/2.0.md#swagger-object
+                    //  "there is a logical OR between the security requirements"
+                    if (securities.size() > 1) {
+                        LOGGER.warn("More than 1 security requirements are found, using only the first one");
+                    }
+                    Map<String, List<String>> security = securities.get(0);
+                    for (String securityName : security.keySet()) {
                        SecuritySchemeDefinition securityDefinition = fromSecurity(securityName);
                        if (securityDefinition != null) {
                            if(securityDefinition instanceof OAuth2Definition) {
@@ -496,7 +506,7 @@ public class DefaultGenerator extends AbstractGenerator implements Generator {
                                oauth2Operation.setFlow(oauth2Definition.getFlow());
                                oauth2Operation.setTokenUrl(oauth2Definition.getTokenUrl());
                                oauth2Operation.setScopes(new HashMap<String, String>());
-                                for (String scope : security.values().iterator().next()) {
+                                for (String scope : security.get(securityName)) {
                                    if (oauth2Definition.getScopes().containsKey(scope)) {
                                        oauth2Operation.addScope(scope, oauth2Definition.getScopes().get(scope));
                                    }