OpenAPITools · nhomble · May 18, 2020 · May 19, 2020 · May 19, 2020 · May 20, 2020
diff --git a/bin/configs/spring-boot-security-server.yaml b/bin/configs/spring-boot-security-server.yaml
@@ -0,0 +1,8 @@
+generatorName: spring
+outputDir: samples/server/petstore/spring-security
+library: spring-boot
+inputSpec: modules/openapi-generator/src/test/resources/2_0/petstore-with-fake-endpoints-models-for-testing.yaml
+templateDir: modules/openapi-generator/src/main/resources/JavaSpring
+additionalProperties:
+  useSpringSecurity: true
+  hideGenerationTimestamp: "true"
diff --git a/docs/generators/spring.md b/docs/generators/spring.md
@@ -64,6 +64,7 @@ sidebar_label: spring
 |unhandledException|Declare operation methods to throw a generic exception and allow unhandled exceptions (useful for Spring `@ControllerAdvice` directives).| |false|
 |useBeanValidation|Use BeanValidation API annotations| |true|
 |useOptional|Use Optional container for optional parameters| |false|
+|useSpringSecurity|Use spring-security's @PreAuthorize annotation to invoke authorization rules| |false|
 |useTags|use tags for creating interface and controller classnames| |false|
 |virtualService|Generates the virtual service. For more details refer - https://github.com/elan-venture/virtualan/wiki| |false|
 |withXml|whether to include support for application/xml content type and include XML annotations in the model (works with libraries that provide support for JSON and XML)| |false|

diff --git a/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultGenerator.java b/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultGenerator.java
@@ -1243,7 +1243,7 @@ private List<CodegenSecurity> filterAuthMethods(List<CodegenSecurity> authMethod
 
         for (CodegenSecurity security : authMethods) {
             boolean filtered = false;
-            if (security != null && security.scopes != null) {
+            if (security != null && security.scopes != null && SecurityScheme.Type.OAUTH2.toString().equals(security.type)) {
                 for (SecurityRequirement requirement : securities) {
                     List<String> opScopes = requirement.get(security.name);
                     if (opScopes != null) {
@@ -1259,6 +1259,30 @@ private List<CodegenSecurity> filterAuthMethods(List<CodegenSecurity> authMethod
                     }
                 }
             }
+            // This is separate than the oauth2 case since bearerAuths aren't declared in the scheme definition. They
+            // only exist at the api definition level
+            if (security != null && SecurityScheme.Type.HTTP.toString().equals(security.type)) {
+                for (SecurityRequirement requirement : securities) {
+                    List<String> opScopes = requirement.get(security.name);
+                    if (opScopes != null) {
+                        CodegenSecurity opSecurity = security.filterByScopeNames(Collections.emptyList());
+                        opSecurity.bearerFormat = security.bearerFormat;
+                        opSecurity.scheme = security.scheme;
+                        Iterator<String> it = opScopes.iterator();
+                        opSecurity.scopes = new ArrayList<>();
+                        while(it.hasNext()){
+                            Map<String, Object> scope = new HashMap<>();
+                            scope.put("scope", it.next());
+                            scope.put("hasMore", it.hasNext()? "true": null);
+                            opSecurity.scopes.add(scope);
+                        }
+                        opSecurity.hasMore = security.hasMore;
+                        result.add(opSecurity);
+                        filtered = true;
+                        break;
+                    }
+                }
+            }
 
             // If we didn't get a filtered version, then we can keep the original auth method.
             if (!filtered) {

diff --git a/...les/openapi-generator/src/main/java/org/openapitools/codegen/languages/SpringCodegen.java b/...les/openapi-generator/src/main/java/org/openapitools/codegen/languages/SpringCodegen.java
@@ -71,6 +71,7 @@ public class SpringCodegen extends AbstractJavaCodegen
     public static final String HATEOAS = "hateoas";
     public static final String RETURN_SUCCESS_CODE = "returnSuccessCode";
     public static final String UNHANDLED_EXCEPTION_HANDLING = "unhandledException";
+    public static final String USE_SPRING_SECURITY = "useSpringSecurity";
 
     public static final String OPEN_BRACE = "{";
     public static final String CLOSE_BRACE = "}";
@@ -98,6 +99,7 @@ public class SpringCodegen extends AbstractJavaCodegen
     protected boolean hateoas = false;
     protected boolean returnSuccessCode = false;
     protected boolean unhandledException = false;
+    protected boolean useSpringSecurity = false;
 
     public SpringCodegen() {
         super();
@@ -171,6 +173,7 @@ public SpringCodegen() {
         cliOptions.add(CliOption.newBoolean(HATEOAS, "Use Spring HATEOAS library to allow adding HATEOAS links", hateoas));
         cliOptions.add(CliOption.newBoolean(RETURN_SUCCESS_CODE, "Generated server returns 2xx code", returnSuccessCode));
         cliOptions.add(CliOption.newBoolean(UNHANDLED_EXCEPTION_HANDLING, "Declare operation methods to throw a generic exception and allow unhandled exceptions (useful for Spring `@ControllerAdvice` directives).", unhandledException));
+        cliOptions.add(CliOption.newBoolean(USE_SPRING_SECURITY, "Use spring-security's @PreAuthorize annotation to invoke authorization rules"));
 
         supportedLibraries.put(SPRING_BOOT, "Spring-boot Server application using the SpringFox integration.");
         supportedLibraries.put(SPRING_MVC_LIBRARY, "Spring-MVC Server application using the SpringFox integration.");
@@ -336,6 +339,11 @@ public void processOpts() {
         }
         additionalProperties.put(UNHANDLED_EXCEPTION_HANDLING, this.isUnhandledException());
 
+        if (additionalProperties.containsKey(USE_SPRING_SECURITY)) {
+            this.setUseSpringSecurity(Boolean.valueOf(additionalProperties.get(USE_SPRING_SECURITY).toString()));
+        }
+        writePropertyBack(USE_SPRING_SECURITY, this.useSpringSecurity);
+
         typeMapping.put("file", "Resource");
         importMapping.put("Resource", "org.springframework.core.io.Resource");
 
@@ -820,6 +828,10 @@ public void setUnhandledException(boolean unhandledException) {
         this.unhandledException = unhandledException;
     }
 
+    public void setUseSpringSecurity(boolean useSpringSecurity) {
+        this.useSpringSecurity = useSpringSecurity;
+    }
+
     @Override
     public void postProcessModelProperty(CodegenModel model, CodegenProperty property) {
         super.postProcessModelProperty(model, property);

diff --git a/modules/openapi-generator/src/main/resources/JavaSpring/api.mustache b/modules/openapi-generator/src/main/resources/JavaSpring/api.mustache
@@ -17,6 +17,9 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 {{/jdk8-no-delegate}}
 import org.springframework.http.ResponseEntity;
+{{#useSpringSecurity}}
+import org.springframework.security.access.prepost.PreAuthorize;
+{{/useSpringSecurity}}
 {{#useBeanValidation}}
 import org.springframework.validation.annotation.Validated;
 {{/useBeanValidation}}
@@ -123,6 +126,11 @@ public interface {{classname}} {
     {{/headerParams}}
     })
     {{/implicitHeaders}}
+    {{#hasAuthMethods}}
+        {{#useSpringSecurity}}
+    @PreAuthorize("{{#authMethods}}{{#isOAuth}}({{#scopes}}hasAuthority('{{scope}}'){{#hasMore}} and {{/hasMore}}{{/scopes}}){{/isOAuth}}{{#isBasicBearer}}({{#scopes}}hasAuthority('{{scope}}'){{#hasMore}} and {{/hasMore}}{{/scopes}}){{/isBasicBearer}}{{#hasMore}} or {{/hasMore}}{{/authMethods}}")
+        {{/useSpringSecurity}}
+    {{/hasAuthMethods}}
     @RequestMapping(value = "{{{path}}}",{{#singleContentTypes}}{{#hasProduces}}
         produces = "{{{vendorExtensions.x-accepts}}}", {{/hasProduces}}{{#hasConsumes}}
         consumes = "{{{vendorExtensions.x-contentType}}}",{{/hasConsumes}}{{/singleContentTypes}}{{^singleContentTypes}}{{#hasProduces}}

diff --git a/modules/openapi-generator/src/main/resources/JavaSpring/libraries/spring-boot/pom.mustache b/modules/openapi-generator/src/main/resources/JavaSpring/libraries/spring-boot/pom.mustache
@@ -12,6 +12,9 @@
         {{#useSpringfox}}
         <springfox-version>2.8.0</springfox-version>
         {{/useSpringfox}}
+        {{#useSpringSecurity}}
+        <spring-security-version>5.3.0.RELEASE</spring-security-version>
+        {{/useSpringSecurity}}
     </properties>
 {{#parentOverridden}}
     <parent>
@@ -122,6 +125,13 @@
             <artifactId>jackson-dataformat-yaml</artifactId>
         </dependency>
         {{/useSpringfox}}
+        {{#useSpringSecurity}}
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <version>${spring-security-version}</version>
+        </dependency>
+        {{/useSpringSecurity}}
         {{#withXml}}
         <!-- XML processing: Jackson -->
         <dependency>