Support per method security requirement in RepositoryRestResource. Fixes #1059

Author: bnasslahsen

springdoc-openapi-common/src/main/java/org/springdoc/core/SecurityService.java

@@ -135,7 +135,7 @@ public io.swagger.v3.oas.annotations.security.SecurityRequirement[] getSecurityR
 	 * @param allSecurityTags the all security tags
 	 * @return the security requirements for method
 	 */
-	private Set<io.swagger.v3.oas.annotations.security.SecurityRequirement> getSecurityRequirementsForMethod(Method method, Set<io.swagger.v3.oas.annotations.security.SecurityRequirement> allSecurityTags) {
+	public Set<io.swagger.v3.oas.annotations.security.SecurityRequirement> getSecurityRequirementsForMethod(Method method, Set<io.swagger.v3.oas.annotations.security.SecurityRequirement> allSecurityTags) {
 		io.swagger.v3.oas.annotations.security.SecurityRequirements methodSecurity = AnnotatedElementUtils.findMergedAnnotation(method, io.swagger.v3.oas.annotations.security.SecurityRequirements.class);
 		if (methodSecurity != null)
 			allSecurityTags = addSecurityRequirements(allSecurityTags, new HashSet<>(Arrays.asList(methodSecurity.value())));

springdoc-openapi-data-rest/src/main/java/org/springdoc/data/rest/core/DataRestOperationService.java

@@ -225,7 +225,7 @@ private Operation buildSearchOperation(HandlerMethod handlerMethod, DataRestRepo
 					.ifPresent(methodParameterPage -> dataRestRequestService.buildCommonParameters(domainType, openAPI, requestMethod, methodAttributes, operation, new String[] { methodParameterPage.getParameterName() }, new MethodParameter[] { methodParameterPage }));
 		}
 		dataRestResponseService.buildSearchResponse(operation, handlerMethod, openAPI, methodResourceMapping, domainType, methodAttributes);
-		tagsBuilder.buildSearchTags(operation, handlerMethod, dataRestRepository);
+		tagsBuilder.buildSearchTags(operation, handlerMethod, dataRestRepository, method);
 		return operation;
 	}
 

springdoc-openapi-data-rest/src/main/java/org/springdoc/data/rest/core/DataRestTagsService.java

@@ -23,6 +23,7 @@
 
 package org.springdoc.data.rest.core;
 
+import java.lang.reflect.Method;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -65,8 +66,8 @@ public DataRestTagsService(OpenAPIService openAPIService) {
 	 * @param dataRestRepository the repository data rest
 	 */
 	public void buildSearchTags(Operation operation, HandlerMethod handlerMethod,
-			DataRestRepository dataRestRepository) {
-		buildTags(operation, handlerMethod, dataRestRepository);
+			DataRestRepository dataRestRepository, Method method) {
+		buildTags(operation, handlerMethod, dataRestRepository, method);
 	}
 
 	/**
@@ -78,18 +79,18 @@ public void buildSearchTags(Operation operation, HandlerMethod handlerMethod,
 	 */
 	public void buildEntityTags(Operation operation, HandlerMethod handlerMethod,
 			DataRestRepository dataRestRepository) {
-		buildTags(operation, handlerMethod, dataRestRepository);
+		buildTags(operation, handlerMethod, dataRestRepository, null);
 	}
 
 	/**
 	 * Build tags.
-	 *
-	 * @param operation the operation
+	 *  @param operation the operation
 	 * @param handlerMethod the handler method
 	 * @param dataRestRepository the repository data rest
+	 * @param method
 	 */
 	private void buildTags(Operation operation, HandlerMethod handlerMethod,
-			DataRestRepository dataRestRepository) {
+			DataRestRepository dataRestRepository, Method method) {
 		String tagName = handlerMethod.getBeanType().getSimpleName();
 		if (SpringRepositoryRestResourceProvider.REPOSITORY_SCHEMA_CONTROLLER.equals(handlerMethod.getBeanType().getName())
 				|| AlpsController.class.equals(handlerMethod.getBeanType())
@@ -111,6 +112,8 @@ else if (dataRestRepository != null && dataRestRepository.getDomainType() != nul
 			}
 			final SecurityService securityParser = openAPIService.getSecurityParser();
 			Set<io.swagger.v3.oas.annotations.security.SecurityRequirement> allSecurityTags = securityParser.getSecurityRequirementsForClass(repositoryType);
+			if (method != null)
+				allSecurityTags = securityParser.getSecurityRequirementsForMethod(method, allSecurityTags);
 			if (!CollectionUtils.isEmpty(allSecurityTags))
 				securityParser.buildSecurityRequirement(allSecurityTags.toArray(new io.swagger.v3.oas.annotations.security.SecurityRequirement[0]), operation);
 		}

springdoc-openapi-data-rest/src/test/java/test/org/springdoc/api/app16/CustomerRepository.java

@@ -23,6 +23,7 @@
 
 package test.org.springdoc.api.app16;
 
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
 import org.springframework.data.domain.Page;
@@ -49,6 +50,7 @@ public interface CustomerRepository extends CrudRepository<Customer, Long>, JpaS
 	 * @param pageable
 	 * @return
 	 */
+	@SecurityRequirement(name = "bearer")
 	Page<Customer> findByLastname(@Param("lastname")  String lastname, Pageable pageable);
 
 	@Override

springdoc-openapi-data-rest/src/test/resources/results/app16.json

@@ -696,7 +696,12 @@
           "404": {
             "description": "Not Found"
           }
-        }
+        },
+        "security": [
+          {
+            "bearer": []
+          }
+        ]
       }
     },
     "/customers/{id}": {
@@ -1004,21 +1009,6 @@
           }
         }
       },
-      "Customer": {
-        "type": "object",
-        "properties": {
-          "id": {
-            "type": "integer",
-            "format": "int64"
-          },
-          "firstname": {
-            "type": "string"
-          },
-          "lastname": {
-            "type": "string"
-          }
-        }
-      },
       "CollectionModelAccount": {
         "type": "object",
         "properties": {
@@ -1038,6 +1028,21 @@
           }
         }
       },
+      "Customer": {
+        "type": "object",
+        "properties": {
+          "id": {
+            "type": "integer",
+            "format": "int64"
+          },
+          "firstname": {
+            "type": "string"
+          },
+          "lastname": {
+            "type": "string"
+          }
+        }
+      },
       "RepresentationModelAccount": {
         "type": "object",
         "properties": {

springdoc-openapi-webflux-core/src/test/java/test/org/springdoc/api/app151/HelloRouter.java

@@ -0,0 +1,64 @@
+/*
+ *
+ *  *
+ *  *  * Copyright 2019-2020 the original author or authors.
+ *  *  *
+ *  *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  *  * you may not use this file except in compliance with the License.
+ *  *  * You may obtain a copy of the License at
+ *  *  *
+ *  *  *      https://www.apache.org/licenses/LICENSE-2.0
+ *  *  *
+ *  *  * Unless required by applicable law or agreed to in writing, software
+ *  *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  *  * See the License for the specific language governing permissions and
+ *  *  * limitations under the License.
+ *  *
+ *
+ */
+
+package test.org.springdoc.api.app151;
+
+import java.util.function.Consumer;
+import java.util.function.Supplier;
+
+import org.springdoc.core.fn.builders.operation.Builder;
+import org.springdoc.webflux.core.fn.SpringdocRouteBuilder;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.reactive.function.server.RequestPredicates;
+import org.springframework.web.reactive.function.server.RouterFunction;
+import org.springframework.web.reactive.function.server.RouterFunctions;
+import org.springframework.web.reactive.function.server.ServerResponse;
+
+import static org.springframework.web.reactive.function.server.RequestPredicates.path;
+import static org.springframework.web.reactive.function.server.RouterFunctions.nest;
+import static test.org.springdoc.api.AbstractSpringDocTest.HANDLER_FUNCTION;
+
+@Configuration
+public class HelloRouter {
+
+	@Bean
+	RouterFunction<?> routeSample() {
+		Supplier<RouterFunction<ServerResponse>> routerFunctionSupplier =
+				() -> SpringdocRouteBuilder.route()
+						.GET("toto", HANDLER_FUNCTION, builder -> builder.operationId("get-user-groups"))
+
+						.POST("/titi", HANDLER_FUNCTION, builder -> builder.operationId("create-user-group-special")).build();
+
+		Consumer<Builder> operationsConsumer = builder ->  { };
+
+			return 	RouterFunctions.nest(RequestPredicates.path("/users"), nest(path("/test"), nest(path("/greeter"),
+					SpringdocRouteBuilder.route()
+						.GET("", HANDLER_FUNCTION, builder -> builder.operationId("get-users"))
+						.POST("/special", HANDLER_FUNCTION, builder -> builder.operationId("create-user-special"))
+						.nest(path("/groups"), routerFunctionSupplier, operationsConsumer)
+						.nest(path("/groups2"), routerFunctionSupplier, operationsConsumer)
+						.nest(path("/greeter3").or(path("/greeter4")), routerFunctionSupplier, operationsConsumer)
+						.build())));
+
+	}
+
+}

springdoc-openapi-webflux-core/src/test/java/test/org/springdoc/api/app151/SpringDocApp150Test.java

@@ -0,0 +1,35 @@
+/*
+ *
+ *  *
+ *  *  * Copyright 2019-2020 the original author or authors.
+ *  *  *
+ *  *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  *  * you may not use this file except in compliance with the License.
+ *  *  * You may obtain a copy of the License at
+ *  *  *
+ *  *  *      https://www.apache.org/licenses/LICENSE-2.0
+ *  *  *
+ *  *  * Unless required by applicable law or agreed to in writing, software
+ *  *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  *  * See the License for the specific language governing permissions and
+ *  *  * limitations under the License.
+ *  *
+ *
+ */
+
+package test.org.springdoc.api.app151;
+
+import test.org.springdoc.api.AbstractSpringDocTest;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
+import org.springframework.context.annotation.ComponentScan;
+
+@AutoConfigureWebTestClient(timeout = "3600000")
+public class SpringDocApp150Test extends AbstractSpringDocTest {
+
+	@SpringBootApplication
+	@ComponentScan(basePackages = { "org.springdoc", "test.org.springdoc.api.app150" })
+	static class SpringDocTestApp {}
+}