io.swagger.v3.oas.models.security.Scopes Java Examples

The following examples show how to use io.swagger.v3.oas.models.security.Scopes. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: OpenApiObjectGenerator.java    From flow with Apache License 2.0 6 votes vote down vote up 
private OpenAPI createBasicModel() {
    OpenAPI openAPI = new OpenAPI();

    Info info = new Info();
    info.setTitle(configuration.getApplicationTitle());
    info.setVersion(configuration.getApplicationApiVersion());
    openAPI.setInfo(info);

    Paths paths = new Paths();
    openAPI.setPaths(paths);

    Server server = new Server();
    server.setUrl(configuration.getServerUrl());
    server.setDescription(configuration.getServerDescription());
    openAPI.setServers(Collections.singletonList(server));
    Components components = new Components();
    SecurityScheme vaadinConnectOAuth2Scheme = new SecurityScheme()
            .type(SecurityScheme.Type.OAUTH2)
            .flows(new OAuthFlows().password(new OAuthFlow()
                    .tokenUrl(VAADIN_CONNECT_OAUTH2_TOKEN_URL)
                    .scopes(new Scopes())));
    components.addSecuritySchemes(VAADIN_CONNECT_OAUTH2_SECURITY_SCHEME,
            vaadinConnectOAuth2Scheme);
    openAPI.components(components);
    return openAPI;
}
Example #2
Source File: OASParserUtil.java    From carbon-apimgt with Apache License 2.0 6 votes vote down vote up 
private static void setScopes(final OpenAPI destOpenAPI, final Set<Scope> aggregatedScopes) {
    Map<String, SecurityScheme> securitySchemes;
    SecurityScheme securityScheme;
    OAuthFlow oAuthFlow;
    Scopes scopes = new Scopes();
    if (destOpenAPI.getComponents() != null &&
            (securitySchemes = destOpenAPI.getComponents().getSecuritySchemes()) != null &&
            (securityScheme = securitySchemes.get(OAS3Parser.OPENAPI_SECURITY_SCHEMA_KEY)) != null &&
            (oAuthFlow = securityScheme.getFlows().getImplicit()) != null) {

        Map<String, String> scopeBindings = new HashMap<>();

        for (Scope scope : aggregatedScopes) {
            scopes.addString(scope.getKey(), scope.getDescription());
            scopeBindings.put(scope.getKey(), scope.getRoles());
        }

        oAuthFlow.setScopes(scopes);

        Map<String, Object> extensions = new HashMap<>();
        extensions.put(APIConstants.SWAGGER_X_SCOPES_BINDINGS, scopeBindings);
        oAuthFlow.setExtensions(extensions);
    }
}
Example #3
Source File: SecurityParser.java    From springdoc-openapi with Apache License 2.0 5 votes vote down vote up 
/**
 * Gets scopes.
 *
 * @param scopes the scopes
 * @return the scopes
 */
private Optional<Scopes> getScopes(OAuthScope[] scopes) {
	if (isEmpty(scopes))
		return Optional.empty();

	Scopes scopesObject = new Scopes();
	Arrays.stream(scopes).forEach(scope -> scopesObject.addString(scope.name(), scope.description()));
	return Optional.of(scopesObject);
}
Example #4
Source File: ProtoOpenAPI.java    From product-microgateway with Apache License 2.0 5 votes vote down vote up 
/**
 * Add scopes to the security schema.
 *
 * @param scope scope
 */
private void addScopeToSchema(String scope) {
    if (StringUtils.isEmpty(scope)) {
        return;
    }
    SecurityScheme scheme = openAPI.getComponents().getSecuritySchemes().get(OAUTH2_SCHEME);
    if (!scheme.getFlows().getImplicit().getScopes().containsKey(scope)) {
        //scopes description is set as a null string
        scheme.getFlows().getImplicit().setScopes(new Scopes().addString(scope, ""));
    }
}
Example #5
Source File: OAS3Parser.java    From carbon-apimgt with Apache License 2.0 5 votes vote down vote up 
/**
 * This method returns the oauth scopes according to the given swagger
 *
 * @param resourceConfigsJSON resource json
 * @return scope set
 * @throws APIManagementException
 */
@Override
public Set<Scope> getScopes(String resourceConfigsJSON) throws APIManagementException {
    OpenAPI openAPI = getOpenAPI(resourceConfigsJSON);
    Map<String, SecurityScheme> securitySchemes;
    SecurityScheme securityScheme;
    OAuthFlow oAuthFlow;
    Scopes scopes;
    if (openAPI.getComponents() != null && (securitySchemes = openAPI.getComponents().getSecuritySchemes()) != null
            && (securityScheme = securitySchemes.get(OPENAPI_SECURITY_SCHEMA_KEY)) != null
            && (oAuthFlow = securityScheme.getFlows().getImplicit()) != null
            && (scopes = oAuthFlow.getScopes()) != null) {
        Set<Scope> scopeSet = new HashSet<>();
        for (Map.Entry<String, String> entry : scopes.entrySet()) {
            Scope scope = new Scope();
            scope.setKey(entry.getKey());
            scope.setName(entry.getKey());
            scope.setDescription(entry.getValue());
            Map<String, String> scopeBindings;
            if (oAuthFlow.getExtensions() != null && (scopeBindings =
                    (Map<String, String>) oAuthFlow.getExtensions().get(APIConstants.SWAGGER_X_SCOPES_BINDINGS))
                    != null) {
                if (scopeBindings.get(scope.getKey()) != null) {
                    scope.setRoles(scopeBindings.get(scope.getKey()));
                }
            }
            scopeSet.add(scope);
        }
        return OASParserUtil.sortScopes(scopeSet);
    } else {
        return OASParserUtil.sortScopes(getScopesFromExtensions(openAPI));
    }
}
Example #6
Source File: OpenAPIResourceBeanConfigurationComponentsSecuritySchemesTest.java    From springdoc-openapi with Apache License 2.0 4 votes vote down vote up 
@Bean
public OpenAPI openApi() {
	return new OpenAPI()
			.components(new Components()

					//HTTP Basic, see: https://swagger.io/docs/specification/authentication/basic-authentication/
					.addSecuritySchemes("basicScheme", new SecurityScheme()
							.type(SecurityScheme.Type.HTTP)
							.scheme("basic")
					)

					//API Key, see: https://swagger.io/docs/specification/authentication/api-keys/
					.addSecuritySchemes("apiKeyScheme", new SecurityScheme()
							.type(SecurityScheme.Type.APIKEY)
							.in(SecurityScheme.In.HEADER)
							.name("X-API-KEY")
					)

					//OAuth 2.0, see: https://swagger.io/docs/specification/authentication/oauth2/
					.addSecuritySchemes("oAuthScheme", new SecurityScheme()
							.type(SecurityScheme.Type.OAUTH2)
							.description("This API uses OAuth 2 with the implicit grant flow. [More info](https://api.example.com/docs/auth)")
							.flows(new OAuthFlows()
									.implicit(new OAuthFlow()
											.authorizationUrl("https://api.example.com/oauth2/authorize")
											.scopes(new Scopes()
													.addString("read_pets", "read your pets")
													.addString("write_pets", "modify pets in your account")
											)
									)
							)
					)
			)
			.addSecurityItem(new SecurityRequirement()
					.addList("basicScheme")
			)
			.addSecurityItem(new SecurityRequirement()
					.addList("apiKeyScheme")
			)
			.addSecurityItem(new SecurityRequirement()
					.addList("oAuthScheme")
			)
			;
}
Example #7
Source File: SwaggerConverter.java    From swagger-parser with Apache License 2.0 4 votes vote down vote up 
private SecurityScheme convertOauth2SecurityScheme(SecuritySchemeDefinition definition) {
    SecurityScheme securityScheme = new SecurityScheme();
    OAuth2Definition oAuth2Definition = (OAuth2Definition) definition;
    OAuthFlows oAuthFlows = new OAuthFlows();
    OAuthFlow oAuthFlow = new OAuthFlow();

    securityScheme.setType(SecurityScheme.Type.OAUTH2);
    String flow = oAuth2Definition.getFlow();

    if (flow != null) {
        switch (flow) {
            case "implicit":
                oAuthFlow.setAuthorizationUrl(oAuth2Definition.getAuthorizationUrl());
                oAuthFlows.setImplicit(oAuthFlow);
                break;
            case "password":
                oAuthFlow.setTokenUrl(oAuth2Definition.getTokenUrl());
                oAuthFlows.setPassword(oAuthFlow);
                break;
            case "application":
                oAuthFlow.setTokenUrl(oAuth2Definition.getTokenUrl());
                oAuthFlows.setClientCredentials(oAuthFlow);
                break;
            case "accessCode":
                oAuthFlow.setAuthorizationUrl(oAuth2Definition.getAuthorizationUrl());
                oAuthFlow.setTokenUrl(oAuth2Definition.getTokenUrl());
                oAuthFlows.setAuthorizationCode(oAuthFlow);
                break;
        }
    }

    Scopes scopes = new Scopes();
    Map<String, String> oAuth2Scopes = oAuth2Definition.getScopes();
    if (oAuth2Scopes != null) {
        oAuth2Scopes.forEach((k, v) -> scopes.addString(k, v));
    }
    oAuthFlow.setScopes(scopes);

    securityScheme.setFlows(oAuthFlows);

    return securityScheme;
}
Example #8
Source File: OpenAPIDeserializer.java    From swagger-parser with Apache License 2.0 4 votes vote down vote up 
public OAuthFlow getOAuthFlow(String oAuthFlowType, ObjectNode node, String location, ParseResult result) {
    if (node == null) {
        return null;
    }

    OAuthFlow oAuthFlow = new OAuthFlow();

    boolean authorizationUrlRequired, tokenUrlRequired, refreshUrlRequired, scopesRequired;
    authorizationUrlRequired = tokenUrlRequired = refreshUrlRequired = false;
    scopesRequired = true;
    switch (oAuthFlowType) {
      case "implicit":
        authorizationUrlRequired=true;
        break;
      case "password":
        tokenUrlRequired=true;
        break;
      case "clientCredentials":
        tokenUrlRequired=true;
        break;
      case "authorizationCode":
        authorizationUrlRequired = tokenUrlRequired=true;
        break;
    }

    String value = getString("authorizationUrl", node, authorizationUrlRequired, location, result);
    if (StringUtils.isNotBlank(value)) {
        oAuthFlow.setAuthorizationUrl(value);
    }

    value = getString("tokenUrl", node, tokenUrlRequired, location, result);
    if (StringUtils.isNotBlank(value)) {
        oAuthFlow.setTokenUrl(value);
    }

    value = getString("refreshUrl", node, refreshUrlRequired, location, result);
    if (StringUtils.isNotBlank(value)) {
        oAuthFlow.setRefreshUrl(value);
    }

    ObjectNode scopesObject = getObject("scopes",node, scopesRequired,location,result);

    Scopes scope = new Scopes();
    Set<String> keys = getKeys(scopesObject);
    for(String name : keys) {
        JsonNode scopeValue = scopesObject.get(name);
        if (scopesObject!= null){
            scope.addString(name,scopeValue.asText());
        }
    }
    oAuthFlow.setScopes(scope);

    Map <String,Object> extensions = getExtensions(node);
    if(extensions != null && extensions.size() > 0) {
        oAuthFlow.setExtensions(extensions);
    }

    Set<String> oAuthFlowKeys = getKeys(node);
    for(String key : oAuthFlowKeys) {
        if(!OAUTHFLOW_KEYS.contains(key) && !key.startsWith("x-")) {
            result.extra(location, key, node.get(key));
        }
    }

    return oAuthFlow;
}
Example #9
Source File: OAS3Parser.java    From carbon-apimgt with Apache License 2.0 3 votes vote down vote up 
/**
 * This is to avoid removing the `scopes` field of default security scheme when there are no scopes present. This
 * will set an empty scope object there.
 *
 *   securitySchemes:
 *     default:
 *       type: oauth2
 *       flows:
 *         implicit:
 *           authorizationUrl: 'https://test.com'
 *           scopes: {}
 *           x-scopes-bindings: {}
 *
 * @param swagger OpenAPI object
 */
private void checkAndSetEmptyScope(OpenAPI swagger) {
    Components comp = swagger.getComponents();
    Map<String, SecurityScheme> securitySchemeMap;
    SecurityScheme securityScheme;
    OAuthFlows oAuthFlows;
    OAuthFlow implicitFlow;
    if (comp != null && (securitySchemeMap = comp.getSecuritySchemes()) != null &&
            (securityScheme = securitySchemeMap.get(OPENAPI_SECURITY_SCHEMA_KEY)) != null &&
            (oAuthFlows = securityScheme.getFlows()) != null &&
            (implicitFlow = oAuthFlows.getImplicit()) != null && implicitFlow.getScopes() == null) {
        implicitFlow.setScopes(new Scopes());
    }
}