Merge pull request #615 from swagger-api/bug/empty-security#492

fixing parsing of empty securityRequirement - refs #492

Author: gracekarina

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/util/OpenAPIDeserializer.java

@@ -2384,28 +2384,30 @@ public List<SecurityRequirement> getSecurityRequirementsList(ArrayNode nodes, St
             if (node.getNodeType().equals(JsonNodeType.OBJECT)) {
                 SecurityRequirement securityRequirement = new SecurityRequirement();
                 Set<String> keys = getKeys((ObjectNode) node);
-                for (String key : keys) {
-                    if (key != null) {
-                        JsonNode value = node.get(key);
-                        if (key != null && JsonNodeType.ARRAY.equals(value.getNodeType())) {
-                            ArrayNode arrayNode = (ArrayNode)value;
-                            List<String> scopes = Stream
-                                    .generate(arrayNode.elements()::next)
-                                    .map((n) -> n.asText())
-                                    .limit(arrayNode.size())
-                                    .collect(Collectors.toList());
-                            securityRequirement.addList(key,scopes);
-                            if (securityRequirement.size() > 0){
-                                securityRequirements.add(securityRequirement);
+                if (keys.size() == 0){
+                    securityRequirements.add(securityRequirement);
+                }else {
+                    for (String key : keys) {
+                        if (key != null) {
+                            JsonNode value = node.get(key);
+                            if (key != null && JsonNodeType.ARRAY.equals(value.getNodeType())) {
+                                ArrayNode arrayNode = (ArrayNode) value;
+                                List<String> scopes = Stream
+                                        .generate(arrayNode.elements()::next)
+                                        .map((n) -> n.asText())
+                                        .limit(arrayNode.size())
+                                        .collect(Collectors.toList());
+                                securityRequirement.addList(key, scopes);
+                                if (securityRequirement.size() > 0) {
+                                    securityRequirements.add(securityRequirement);
+                                }
                             }
                         }
                     }
                 }
             }
         }
 
-
-
         return securityRequirements;
 
     }

modules/swagger-parser-v3/src/test/java/io/swagger/v3/parser/util/OpenAPIDeserializerTest.java

@@ -643,6 +643,25 @@ public void readMissingServerObject() throws Exception {
         assertEquals(openAPI.getServers().get(0).getUrl(),"/");
     }
 
+    @Test
+    public void readEmptySecurityRequirement() throws Exception {
+        final ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
+        final JsonNode rootNode = mapper.readTree(Files.readAllBytes(java.nio.file.Paths.get(getClass().getResource("/oas.yaml").toURI())));
+
+        final OpenAPIDeserializer deserializer = new OpenAPIDeserializer();
+        final SwaggerParseResult result = deserializer.deserialize(rootNode);
+
+        Assert.assertNotNull(result);
+
+        final OpenAPI openAPI = result.getOpenAPI();
+        Assert.assertNotNull(openAPI);
+
+        SecurityRequirement securityRequirement = openAPI.getSecurity().get(0);
+
+        assertTrue(securityRequirement.isEmpty());
+        assertEquals(openAPI.getSecurity().size(), 4);
+    }
+
     @Test
     public void readEmptyServerObject() throws Exception {
         final ObjectMapper mapper = new ObjectMapper(new YAMLFactory());

modules/swagger-parser-v3/src/test/resources/oas.yaml

@@ -1,4 +1,10 @@
 openapi: 3.0.1
+"security": [
+  {},
+  {"oauth": […]},
+  {"token-1": []},
+  {"token-2": []}
+]
 paths:
   /pet:
     summary: "summary"