Make Spring Security login-endpoint automatically visible in SwaggerUI. Fixes #827

Author: bnasslahsen

pom.xml

@@ -74,6 +74,8 @@
 		<webjars-locator-core.version>0.45</webjars-locator-core.version>
 		<gmavenplus-plugin.version>1.8.1</gmavenplus-plugin.version>
 		<jaxb-impl.version>2.1</jaxb-impl.version>
+		<javax.jws-api.version>1.1</javax.jws-api.version>
+		<jjwt.version>0.9.1</jjwt.version>
 	</properties>
 
 	<dependencyManagement>
@@ -132,6 +134,18 @@
 				<artifactId>jaxb-impl</artifactId>
 				<version>${jaxb-impl.version}</version>
 			</dependency>
+			<dependency>
+				<groupId>javax.jws</groupId>
+				<artifactId>javax.jws-api</artifactId>
+				<version>${javax.jws-api.version}</version>
+				<scope>test</scope>
+			</dependency>
+			<dependency>
+				<groupId>io.jsonwebtoken</groupId>
+				<artifactId>jjwt</artifactId>
+				<version>${jjwt.version}</version>
+				<scope>test</scope>
+			</dependency>
 		</dependencies>
 	</dependencyManagement>
 	<dependencies>

springdoc-openapi-common/src/main/java/org/springdoc/core/Constants.java

@@ -80,6 +80,11 @@ public final class Constants {
 	 */
 	public static final String SPRINGDOC_SCHEMA_RESOLVE_PROPERTIES = "springdoc.api-docs.resolve-schema-properties";
 
+	/**
+	 * The constant SPRINGDOC_SHOW_LOGIN_ENDPOINT.
+	 */
+	public static final String SPRINGDOC_SHOW_LOGIN_ENDPOINT = "springdoc.show-login-endpoint";
+
 	/**
 	 * The constant SPRINGDOC_CACHE_DISABLED.
 	 */

springdoc-openapi-common/src/main/java/org/springdoc/core/SpringDocConfigProperties.java

@@ -125,6 +125,11 @@ public class SpringDocConfigProperties {
 	 */
 	private boolean useFqn;
 
+	/**
+	 * The Show login endpoint.
+	 */
+	private boolean showLoginEndpoint;
+
 	/**
 	 * Is use fqn boolean.
 	 *
@@ -215,6 +220,24 @@ public void setPathsToExclude(List<String> pathsToExclude) {
 		this.pathsToExclude = pathsToExclude;
 	}
 
+	/**
+	 * Is show login endpoint boolean.
+	 *
+	 * @return the boolean
+	 */
+	public boolean isShowLoginEndpoint() {
+		return showLoginEndpoint;
+	}
+
+	/**
+	 * Sets show login endpoint.
+	 *
+	 * @param showLoginEndpoint the show login endpoint
+	 */
+	public void setShowLoginEndpoint(boolean showLoginEndpoint) {
+		this.showLoginEndpoint = showLoginEndpoint;
+	}
+
 	/**
 	 * Gets packages to scan.
 	 *
@@ -663,6 +686,7 @@ public void setEnabled(boolean enabled) {
 		}
 	}
 
+
 	/**
 	 * The type Cache.
 	 * @author bnasslahsen

springdoc-openapi-security/pom.xml

@@ -1,5 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<artifactId>springdoc-openapi</artifactId>
@@ -42,6 +44,16 @@
 			<artifactId>jaxb-impl</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>javax.jws</groupId>
+			<artifactId>javax.jws-api</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt</artifactId>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 
 </project>

springdoc-openapi-security/src/main/java/org/springdoc/security/SpringDocSecurityConfiguration.java

@@ -20,16 +20,36 @@
 
 package org.springdoc.security;
 
+import java.util.Optional;
+
+import io.swagger.v3.oas.models.Operation;
+import io.swagger.v3.oas.models.PathItem;
+import io.swagger.v3.oas.models.media.Content;
+import io.swagger.v3.oas.models.media.MediaType;
+import io.swagger.v3.oas.models.media.ObjectSchema;
+import io.swagger.v3.oas.models.media.Schema;
+import io.swagger.v3.oas.models.media.StringSchema;
+import io.swagger.v3.oas.models.parameters.RequestBody;
+import io.swagger.v3.oas.models.responses.ApiResponse;
+import io.swagger.v3.oas.models.responses.ApiResponses;
+import org.springdoc.core.customizers.OpenApiCustomiser;
+
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 import static org.springdoc.core.Constants.SPRINGDOC_ENABLED;
+import static org.springdoc.core.Constants.SPRINGDOC_SHOW_LOGIN_ENDPOINT;
 import static org.springdoc.core.SpringDocUtils.getConfig;
 
 /**
@@ -65,4 +85,35 @@ SpringSecurityOAuth2Provider springSecurityOAuth2Provider(FrameworkEndpointHandl
 			return new SpringSecurityOAuth2Provider(oauth2EndpointHandlerMapping);
 		}
 	}
+
+	@Bean
+	@ConditionalOnProperty(SPRINGDOC_SHOW_LOGIN_ENDPOINT)
+	@Lazy(false)
+	OpenApiCustomiser springSecurityLoginEndpointCustomiser(FilterChainProxy filterChainProxy) {
+		return openAPI -> {
+			for (SecurityFilterChain filterChain : filterChainProxy.getFilterChains()) {
+				Optional<UsernamePasswordAuthenticationFilter> optionalFilter =
+						filterChain.getFilters().stream()
+								.filter(filterVar -> filterVar instanceof UsernamePasswordAuthenticationFilter)
+								.map(filter -> (UsernamePasswordAuthenticationFilter) filter)
+								.findAny();
+				if (optionalFilter.isPresent()) {
+					UsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter = optionalFilter.get();
+					Operation operation = new Operation();
+					Schema<?> schema = new ObjectSchema()
+							.addProperties(usernamePasswordAuthenticationFilter.getUsernameParameter(), new StringSchema())
+							.addProperties(usernamePasswordAuthenticationFilter.getPasswordParameter(), new StringSchema());
+					RequestBody requestBody = new RequestBody().content(new Content().addMediaType("loginRequestBody", new MediaType().schema(schema)));
+					operation.requestBody(requestBody);
+					ApiResponses apiResponses = new ApiResponses();
+					apiResponses.addApiResponse(String.valueOf(HttpStatus.OK.value()), new ApiResponse().description(HttpStatus.OK.getReasonPhrase()));
+					apiResponses.addApiResponse(String.valueOf(HttpStatus.FORBIDDEN.value()), new ApiResponse().description(HttpStatus.FORBIDDEN.getReasonPhrase()));
+					operation.responses(apiResponses);
+					operation.addTagsItem("login-endpoint");
+					PathItem pathItem = new PathItem().post(operation);
+					openAPI.getPaths().addPathItem("/login", pathItem);
+				}
+			}
+		};
+	}
 }

springdoc-openapi-security/src/test/java/test/org/springdoc/api/app6/SpringDocApp6Test.java

@@ -0,0 +1,40 @@
+/*
+ *
+ *  * Copyright 2019-2020 the original author or authors.
+ *  *
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  * you may not use this file except in compliance with the License.
+ *  * You may obtain a copy of the License at
+ *  *
+ *  *      https://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  * Unless required by applicable law or agreed to in writing, software
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  * See the License for the specific language governing permissions and
+ *  * limitations under the License.
+ *
+ */
+
+package test.org.springdoc.api.app6;
+
+import test.org.springdoc.api.AbstractSpringDocTest;
+import test.org.springdoc.api.app6.security.MyUserDetailsService;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+import org.springframework.test.context.TestPropertySource;
+
+@TestPropertySource(properties = "springdoc.show-login-endpoint=true")
+public class SpringDocApp6Test extends AbstractSpringDocTest {
+
+	@SpringBootApplication(scanBasePackages = { "test.org.springdoc.api.configuration,test.org.springdoc.api.app6" })
+	static class SpringDocTestApp {
+		@Bean
+		MyUserDetailsService userDetailsService() {
+			return new MyUserDetailsService();
+		}
+
+	}
+
+}

springdoc-openapi-security/src/test/java/test/org/springdoc/api/app6/SpringDocConfig.java

@@ -0,0 +1,31 @@
+package test.org.springdoc.api.app6;
+
+import io.swagger.v3.oas.models.Components;
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.security.SecurityRequirement;
+import io.swagger.v3.oas.models.security.SecurityScheme;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+
+@Configuration
+public class SpringDocConfig {
+
+
+	@Bean
+	public OpenAPI myOpenAPI() {
+		final String securitySchemeName = "bearerAuth";
+		return new OpenAPI().info(new Info().title("My MWE API")
+				.description("This document specifies the API")
+				.version("v23"))
+				.addSecurityItem(new SecurityRequirement().addList(securitySchemeName))
+				.components(new Components().addSecuritySchemes(securitySchemeName,
+						new SecurityScheme()
+								.type(SecurityScheme.Type.HTTP)
+								.scheme("bearer")
+								.bearerFormat("JWT")));
+	}
+
+}

springdoc-openapi-security/src/test/java/test/org/springdoc/api/app6/controllers/MyController.java

@@ -0,0 +1,30 @@
+package test.org.springdoc.api.app6.controllers;
+
+import java.util.List;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+
+@RestController
+@RequestMapping("/fax")
+@Tag(name = "Fax stuff", description = "For managing fax machines.")
+public class MyController {
+
+	@Operation(summary = "Get information about currently existing fax machines")
+	@ApiResponse(responseCode = "200", description = "list of existing fax machines")
+	@GetMapping("list")
+	public List<String> getFaxList(@RequestParam(name = "vendorName", required = false)
+	@Parameter(description = "vendor name to restrict the list") String vendorFilter) {
+
+		return null;
+	}
+
+}