/
SecurityScheme.java
149 lines (136 loc) · 5.22 KB
/
SecurityScheme.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
/**
* Copyright (c) 2017 Contributors to the Eclipse Foundation
* Copyright 2017 SmartBear Software
* <p>
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.eclipse.microprofile.openapi.annotations.security;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Repeatable;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.eclipse.microprofile.openapi.annotations.enums.SecuritySchemeIn;
import org.eclipse.microprofile.openapi.annotations.enums.SecuritySchemeType;
import org.eclipse.microprofile.openapi.annotations.extensions.Extension;
/**
* Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key
* (either as a header or as a query parameter), OAuth2's common flows (implicit, password, application and access code)
* as defined in RFC6749, and OpenID Connect Discovery.
*
* @see "https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#security-scheme-object"
**/
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Repeatable(SecuritySchemes.class)
@Inherited
public @interface SecurityScheme {
/**
* The name of this SecurityScheme. Used as the key to add this security scheme to the 'securitySchemes' map under
* Components object.
* <p>
* It is a REQUIRED property unless this is only a reference to a security scheme instance.
* </p>
*
* @return the name of this SecurityScheme instance
**/
String securitySchemeName() default "";
/**
* The type of the security scheme. Valid values are defined by SecuritySchemeType enum. Ignored when empty string.
* <p>
* Type is a REQUIRED property unless this is only a reference to a SecuirtyScheme instance.
* </p>
*
* @return the type of this SecuirtyScheme instance
**/
SecuritySchemeType type() default SecuritySchemeType.DEFAULT;
/**
* A short description for security scheme. CommonMark syntax can be used for rich text representation.
*
* @return description of this SecurityScheme instance
**/
String description() default "";
/**
* Applies to and is REQUIRED for SecurityScheme of apiKey type.
* <p>
* The name of the header, query or cookie parameter to be used.
* </p>
*
* @return the name of this apiKey type SecurityScheme instance
**/
String apiKeyName() default "";
/**
* Applies to and is REQUIRED for SecurityScheme of apiKey type.
* <p>
* The location of the API key. Valid values are defined by SecuritySchemeIn enum. Ignored when empty string.
* </p>
*
* @return the location of the API key
**/
SecuritySchemeIn in() default SecuritySchemeIn.DEFAULT;
/**
* Applies to and is REQUIRED for SecurityScheme of http type.
* <p>
* The name of the HTTP Authorization scheme to be used in the Authorization header as defined in RFC 7235.
* </p>
*
* @return the name of the HTTP Authorization scheme
**/
String scheme() default "";
/**
* Applies to http ("bearer") type.
* <p>
* A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an
* authorization server, so this information is primarily for documentation purposes.
* </p>
*
* @return the format of the bearer token
**/
String bearerFormat() default "";
/**
* Applies to and is REQUIRED for SecurityScheme of oauth2 type.
* <p>
* An object containing configuration information for the flow types supported.
* </p>
*
* @return flow types supported by this SecurityScheme instance
**/
OAuthFlows flows() default @OAuthFlows;
/**
* Applies to and is REQUIRED for SecurityScheme of openIdConnect type.
* <p>
* OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL.
* </p>
*
* @return URL where OAuth2 configuration values are stored
**/
String openIdConnectUrl() default "";
/**
* Reference value to a SecurityScheme object.
* <p>
* This property provides a reference to an object defined elsewhere. This property and all other properties are
* mutually exclusive. If other properties are defined in addition to the ref property then the result is undefined.
*
* @return reference to a security scheme
**/
String ref() default "";
/**
* The list of optional extensions.
*
* @return an optional array of extensions
*
* @since 3.1
*/
Extension[] extensions() default {};
}