Added the support for spring-security-oauth2 authorization server. Fixes #327

Author: bnasslahsen

Diff for: pom.xml

@@ -70,6 +70,7 @@
         <swagger-api.version>2.1.0</swagger-api.version>
         <swagger-ui.version>3.24.0</swagger-ui.version>
         <webjars-locator.version>0.38</webjars-locator.version>
+        <spring-security-oauth2.version>2.3.5.RELEASE</spring-security-oauth2.version>
     </properties>
 
     <dependencyManagement>
@@ -101,6 +102,11 @@
                 <artifactId>webjars-locator</artifactId>
                 <version>${webjars-locator.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.springframework.security.oauth</groupId>
+                <artifactId>spring-security-oauth2</artifactId>
+                <version>${spring-security-oauth2.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
     <dependencies>

Diff for: springdoc-openapi-common/src/main/java/org/springdoc/core/AbstractRequestBuilder.java

@@ -175,7 +175,7 @@ protected Parameter customiseParameter(Parameter parameter, ParameterInfo parame
     }
 
     protected boolean isParamToIgnore(java.lang.reflect.Parameter parameter) {
-        if (parameter.isAnnotationPresent(PathVariable.class)) {
+        if (parameter.isAnnotationPresent(PathVariable.class) || parameter.isAnnotationPresent(RequestParam.class)) {
             return false;
         }
         return parameterBuilder.isAnnotationToIgnore(parameter) || PARAM_TYPES_TO_IGNORE.contains(parameter.getType()) || (AnnotationUtils.findAnnotation(parameter.getType(), Hidden.class) != null);

Diff for: springdoc-openapi-common/src/main/java/org/springdoc/core/OpenAPIBuilder.java

@@ -42,9 +42,10 @@ public class OpenAPIBuilder {
     private final SecurityParser securityParser;
     private final Map<HandlerMethod, String> springdocTags = new HashMap<>();
     private String serverBaseUrl;
+    private final Optional<SecurityOAuth2Provider> springSecurityOAuth2Provider;
 
     @SuppressWarnings("WeakerAccess")
-    OpenAPIBuilder(Optional<OpenAPI> openAPI, ApplicationContext context, SecurityParser securityParser) {
+    OpenAPIBuilder(Optional<OpenAPI> openAPI, ApplicationContext context, SecurityParser securityParser, Optional<SecurityOAuth2Provider> springSecurityOAuth2Provider) {
         if (openAPI.isPresent()) {
             this.openAPI = openAPI.get();
             if (this.openAPI.getComponents() == null)
@@ -60,6 +61,7 @@ public class OpenAPIBuilder {
         }
         this.context = context;
         this.securityParser = securityParser;
+        this.springSecurityOAuth2Provider = springSecurityOAuth2Provider;
     }
 
     private static String splitCamelCase(String str) {
@@ -308,4 +310,8 @@ public Map<String, Object> getControllerAdviceMap() {
                 controller -> (AnnotationUtils.findAnnotation(controller.getValue().getClass(), Hidden.class) == null))
                 .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue, (a1, a2) -> a1));
     }
+
+    public Optional<SecurityOAuth2Provider> getSpringSecurityOAuth2Provider() {
+        return springSecurityOAuth2Provider;
+    }
 }

Diff for: springdoc-openapi-common/src/main/java/org/springdoc/core/SecurityOAuth2Provider.java

@@ -0,0 +1,10 @@
+package org.springdoc.core;
+
+import java.util.Map;
+
+public interface SecurityOAuth2Provider {
+
+     Map getHandlerMethods();
+
+     Map<String, Object> getFrameworkEndpoints();
+}

Diff for: springdoc-openapi-common/src/main/java/org/springdoc/core/SpringDocConfiguration.java

@@ -46,8 +46,8 @@ IgnoredParameterAnnotationsDefault ignoredParameterAnnotationsDefault() {
     }
 
     @Bean
-    public OpenAPIBuilder openAPIBuilder(Optional<OpenAPI> openAPI, ApplicationContext context, SecurityParser securityParser) {
-        return new OpenAPIBuilder(openAPI, context, securityParser);
+    public OpenAPIBuilder openAPIBuilder(Optional<OpenAPI> openAPI, ApplicationContext context, SecurityParser securityParser,Optional<SecurityOAuth2Provider> springSecurityOAuth2Provider) {
+        return new OpenAPIBuilder(openAPI, context, securityParser,springSecurityOAuth2Provider);
     }
 
     @Bean

Diff for: springdoc-openapi-security/pom.xml

@@ -20,12 +20,22 @@
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+            <optional>true</optional>
+        </dependency>
         <dependency>
             <groupId>org.springdoc</groupId>
-            <artifactId>springdoc-openapi-webflux-core</artifactId>
+            <artifactId>springdoc-openapi-webmvc-core</artifactId>
             <version>${project.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>org.hibernate.validator</groupId>
             <artifactId>hibernate-validator</artifactId>

Diff for: springdoc-openapi-security/src/main/java/org/springdoc/core/SpringDocSecurityConfiguration.java

@@ -1,9 +1,11 @@
 package org.springdoc.core;
 
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Primary;
+import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping;
 
 import static org.springdoc.core.Constants.SPRINGDOC_ENABLED;
 
@@ -22,4 +24,9 @@ IgnoredParameterTypes ignoredParameterTypes() {
         return new IgnoredParameterTypes();
     }
 
+    @Bean
+    @ConditionalOnBean(FrameworkEndpointHandlerMapping.class)
+    public SpringSecurityOAuth2Provider springSecurityOAuth2Provider(FrameworkEndpointHandlerMapping oauth2EndpointHandlerMapping) {
+        return new SpringSecurityOAuth2Provider(oauth2EndpointHandlerMapping);
+    }
 }

Diff for: springdoc-openapi-security/src/main/java/org/springdoc/core/SpringSecurityOAuth2Provider.java

@@ -0,0 +1,32 @@
+package org.springdoc.core;
+
+import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpoint;
+import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
+
+import java.util.Map;
+
+public class SpringSecurityOAuth2Provider implements SecurityOAuth2Provider {
+
+    private FrameworkEndpointHandlerMapping oauth2EndpointHandlerMapping;
+
+    public SpringSecurityOAuth2Provider(FrameworkEndpointHandlerMapping oauth2EndpointHandlerMapping) {
+        this.oauth2EndpointHandlerMapping = oauth2EndpointHandlerMapping;
+    }
+
+    public FrameworkEndpointHandlerMapping getOauth2EndpointHandlerMapping() {
+        return oauth2EndpointHandlerMapping;
+    }
+
+    @Override
+    public Map<RequestMappingInfo, HandlerMethod> getHandlerMethods() {
+        return oauth2EndpointHandlerMapping.getHandlerMethods();
+    }
+
+    @Override
+    public Map getFrameworkEndpoints(){
+        return oauth2EndpointHandlerMapping.getApplicationContext().getBeansWithAnnotation(FrameworkEndpoint.class);
+    }
+
+}

Diff for: springdoc-openapi-security/src/test/java/test/org/springdoc/api/AbstractSpringDocTest.java

@@ -3,45 +3,58 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.skyscreamer.jsonassert.JSONAssert;
 import org.springdoc.core.Constants;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.reactive.WebFluxTest;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
-import org.springframework.test.web.reactive.server.EntityExchangeResult;
-import org.springframework.test.web.reactive.server.WebTestClient;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
 
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 
-import static org.junit.Assert.assertEquals;
+import static org.hamcrest.Matchers.is;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 @RunWith(SpringRunner.class)
-@WebFluxTest
+@SpringBootTest
 @ActiveProfiles("test")
+@AutoConfigureMockMvc
 public abstract class AbstractSpringDocTest {
 
+    public static String className;
+
     @Autowired
-    private WebTestClient webTestClient;
+    protected MockMvc mockMvc;
 
     @Autowired
     private ObjectMapper objectMapper;
 
+    @Configuration
+    @EnableAutoConfiguration(exclude = { SecurityAutoConfiguration.class})
+    static class ContextConfiguration { }
+
     @Test
     public void testApp() throws Exception {
-        EntityExchangeResult<byte[]> getResult = webTestClient.get().uri(Constants.DEFAULT_API_DOCS_URL).exchange()
-                .expectStatus().isOk().expectBody().returnResult();
-
-        String result = new String(getResult.getResponseBody());
-        String className = getClass().getSimpleName();
+        className = getClass().getSimpleName();
         String testNumber = className.replaceAll("[^0-9]", "");
-
+        MvcResult mockMvcResult = mockMvc.perform(get(Constants.DEFAULT_API_DOCS_URL)).andExpect(status().isOk())
+                .andExpect(jsonPath("$.openapi", is("3.0.1"))).andReturn();
+        String result = mockMvcResult.getResponse().getContentAsString();
         Path path = Paths.get(getClass().getClassLoader().getResource("results/app" + testNumber + ".json").toURI());
         byte[] fileBytes = Files.readAllBytes(path);
         String expected = new String(fileBytes);
-
-        assertEquals(objectMapper.readTree(expected), objectMapper.readTree(result));
+        JSONAssert.assertEquals(expected, result, true);
     }
 
+
 }

Diff for: springdoc-openapi-security/src/test/java/test/org/springdoc/api/app1/SpringDocApp1Test.java

@@ -1,7 +1,21 @@
 package test.org.springdoc.api.app1;
 
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.info.License;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
 import test.org.springdoc.api.AbstractSpringDocTest;
 
 public class SpringDocApp1Test extends AbstractSpringDocTest {
 
+    @SpringBootApplication(scanBasePackages = {"test.org.springdoc.api.configuration,test.org.springdoc.api.app1"})
+    static class SpringDocTestApp {
+        @Bean
+        public OpenAPI customOpenAPI() {
+            return new OpenAPI()
+                    .info(new Info().title("Security API").version("v1")
+                            .license(new License().name("Apache 2.0").url("http://springdoc.org")));
+        }
+    }
 }

Diff for: springdoc-openapi-security/src/test/java/test/org/springdoc/api/app1/SpringDocTestApp.java

@@ -1,7 +1,22 @@
 package test.org.springdoc.api.app2;
 
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.info.License;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
 import test.org.springdoc.api.AbstractSpringDocTest;
 
 public class SpringDocApp2Test extends AbstractSpringDocTest {
 
+    @SpringBootApplication(scanBasePackages = {"test.org.springdoc.api.configuration,test.org.springdoc.api.app2"})
+    static class SpringDocTestApp {
+        @Bean
+        public OpenAPI customOpenAPI() {
+            return new OpenAPI()
+                    .info(new Info().title("Security API").version("v1")
+                            .license(new License().name("Apache 2.0").url("http://springdoc.org")));
+        }
+    }
+
 }

Diff for: springdoc-openapi-security/src/test/java/test/org/springdoc/api/app2/SpringDocApp2Test.java

@@ -0,0 +1,27 @@
+package test.org.springdoc.api.app3;
+
+import org.junit.Test;
+import org.springframework.boot.SpringBootConfiguration;
+import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class SpringOauth2Test {
+
+    private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
+            .withUserConfiguration(TestApp.class);
+
+    @Test
+    public void configurations_successfully_loaded() {
+        contextRunner
+                .run(context -> assertThat(context)
+                        .hasNotFailed()
+                        .doesNotHaveBean("springSecurityOAuth2Provider")
+                );
+    }
+
+    @SpringBootConfiguration
+    static class TestApp {
+    }
+
+}