Multiple @Securityscheme inside a @SecuritySchemes are not present in the openapi spec. Fixes #1125

bnasslahsen · bnasslahsen · commit 382f009b35c4 · 2021-03-31T19:43:39.000+02:00
diff --git a/springdoc-openapi-common/src/main/java/org/springdoc/core/OpenAPIService.java b/springdoc-openapi-common/src/main/java/org/springdoc/core/OpenAPIService.java
@@ -22,6 +22,7 @@
 
 import java.lang.reflect.Method;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -39,6 +40,7 @@
 import io.swagger.v3.core.util.AnnotationsUtils;
 import io.swagger.v3.oas.annotations.Hidden;
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.security.SecuritySchemes;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import io.swagger.v3.oas.annotations.tags.Tags;
 import io.swagger.v3.oas.models.Components;
@@ -51,6 +53,7 @@
 import io.swagger.v3.oas.models.media.Schema;
 import io.swagger.v3.oas.models.security.SecurityScheme;
 import io.swagger.v3.oas.models.servers.Server;
+import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -526,6 +529,7 @@ private void calculateSecuritySchemes(Components components) {
 		else {
 			ClassPathScanningCandidateComponentProvider scanner = new ClassPathScanningCandidateComponentProvider(
 					false);
+			scanner.addIncludeFilter(new AnnotationTypeFilter(io.swagger.v3.oas.annotations.security.SecuritySchemes.class));
 			scanner.addIncludeFilter(
 					new AnnotationTypeFilter(io.swagger.v3.oas.annotations.security.SecurityScheme.class));
 			if (AutoConfigurationPackages.has(context)) {
@@ -612,6 +616,10 @@ private Set<io.swagger.v3.oas.annotations.security.SecurityScheme> getSecuritySc
 				try {
 					apiSecurityScheme.add(AnnotationUtils.findAnnotation(Class.forName(bd.getBeanClassName()),
 							io.swagger.v3.oas.annotations.security.SecurityScheme.class));
+					SecuritySchemes apiSecuritySchemes
+							= AnnotationUtils.findAnnotation(Class.forName(bd.getBeanClassName()), io.swagger.v3.oas.annotations.security.SecuritySchemes.class);
+					if (apiSecuritySchemes!=null && !ArrayUtils.isEmpty(apiSecuritySchemes.value()))
+						Arrays.stream(apiSecuritySchemes.value()).forEach(apiSecurityScheme::add);
 				}
 				catch (ClassNotFoundException e) {
 					LOGGER.error("Class Not Found in classpath : {}", e.getMessage());
diff --git a/springdoc-openapi-webmvc-core/src/test/java/test/org/springdoc/api/app154/HelloController.java b/springdoc-openapi-webmvc-core/src/test/java/test/org/springdoc/api/app154/HelloController.java
@@ -0,0 +1,34 @@
+/*
+ *
+ *  * Copyright 2019-2020 the original author or authors.
+ *  *
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  * you may not use this file except in compliance with the License.
+ *  * You may obtain a copy of the License at
+ *  *
+ *  *      https://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  * Unless required by applicable law or agreed to in writing, software
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  * See the License for the specific language governing permissions and
+ *  * limitations under the License.
+ *
+ */
+
+package test.org.springdoc.api.app154;
+
+import java.time.Instant;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class HelloController {
+
+	@GetMapping(path = "/")
+	public String hello() {
+		return "Hello world at " + Instant.now().toString();
+	}
+
+}
diff --git a/springdoc-openapi-webmvc-core/src/test/java/test/org/springdoc/api/app154/OpenApiConfiguration.java b/springdoc-openapi-webmvc-core/src/test/java/test/org/springdoc/api/app154/OpenApiConfiguration.java
@@ -0,0 +1,27 @@
+package test.org.springdoc.api.app154;
+
+import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
+import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
+import io.swagger.v3.oas.annotations.security.SecuritySchemes;
+
+@OpenAPIDefinition(info = @Info(title = "toto",version = "1.0"),
+		security = {@SecurityRequirement(name = "basicAuth"), @SecurityRequirement(name = "bearerToken")}
+)
+@SecuritySchemes({
+		@SecurityScheme(
+				name = "basicAuth",
+				type = SecuritySchemeType.HTTP,
+				scheme = "basic"
+		),
+		@SecurityScheme(
+				name = "bearerToken",
+				type = SecuritySchemeType.HTTP,
+				scheme = "bearer",
+				bearerFormat = "JWT"
+		)
+})
+public class OpenApiConfiguration {
+}
diff --git a/springdoc-openapi-webmvc-core/src/test/java/test/org/springdoc/api/app154/SpringDocApp154Test.java b/springdoc-openapi-webmvc-core/src/test/java/test/org/springdoc/api/app154/SpringDocApp154Test.java
@@ -0,0 +1,34 @@
+/*
+ *
+ *  * Copyright 2019-2020 the original author or authors.
+ *  *
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  * you may not use this file except in compliance with the License.
+ *  * You may obtain a copy of the License at
+ *  *
+ *  *      https://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  * Unless required by applicable law or agreed to in writing, software
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  * See the License for the specific language governing permissions and
+ *  * limitations under the License.
+ *
+ */
+
+package test.org.springdoc.api.app154;
+
+
+import test.org.springdoc.api.AbstractSpringDocTest;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+/**
+ * Tests Spring meta-annotations as method parameters
+ */
+public class SpringDocApp154Test extends AbstractSpringDocTest {
+
+	@SpringBootApplication
+	static class SpringDocTestApp {}
+
+}
diff --git a/springdoc-openapi-webmvc-core/src/test/resources/results/app154.json b/springdoc-openapi-webmvc-core/src/test/resources/results/app154.json
@@ -0,0 +1,56 @@
+{
+  "openapi": "3.0.1",
+  "info": {
+    "title": "toto",
+    "version": "1.0"
+  },
+  "servers": [
+    {
+      "url": "http://localhost",
+      "description": "Generated server url"
+    }
+  ],
+  "security": [
+    {
+      "basicAuth": []
+    },
+    {
+      "bearerToken": []
+    }
+  ],
+  "paths": {
+    "/": {
+      "get": {
+        "tags": [
+          "hello-controller"
+        ],
+        "operationId": "hello",
+        "responses": {
+          "200": {
+            "description": "OK",
+            "content": {
+              "*/*": {
+                "schema": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  },
+  "components": {
+    "securitySchemes": {
+      "bearerToken": {
+        "type": "http",
+        "scheme": "bearer",
+        "bearerFormat": "JWT"
+      },
+      "basicAuth": {
+        "type": "http",
+        "scheme": "basic"
+      }
+    }
+  }
+}
