Better support for security requirement objects #519
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Azquelt
added a commit
to Azquelt/microprofile-open-api
that referenced
this pull request
Mar 17, 2022
Support SecurityRequriementsSet, passing the TCKs added to eclipse#519 Objects which support security requirements now support having both individual security requirements and security requirements sets. An individual security requirement is equivalent to a security requirement set with a single element. Therefore, when reading annotations, we always process both lists together.
|
Yes, I think it does. I'll note that. |
MikeEdgar
reviewed
Mar 25, 2022
api/src/main/java/org/eclipse/microprofile/openapi/annotations/OpenAPIDefinition.java
Outdated
Show resolved
Hide resolved
api/src/main/java/org/eclipse/microprofile/openapi/annotations/callbacks/CallbackOperation.java
Outdated
Show resolved
Hide resolved
...src/main/java/org/eclipse/microprofile/openapi/annotations/security/SecurityRequirement.java
Outdated
Show resolved
Hide resolved
Comment on lines
27
to
28
| * Represents an array of security requirement sets that can be specified for the operation or at definition level. Only | ||
| * one of requirement sets needs be satisfied. |
There was a problem hiding this comment.
or at definition level
I know this phrase is in the equivalent SecurityRequirements annotation docs as well, but reading it makes it seem that this annotation is supported alongside @OpenAPIDefinition on an Application or package-info. What do you think?
There was a problem hiding this comment.
I think it's very imprecise about where it's supported.
Would it be better to list the places where it is supported? (which would be on a resource method, on a resource class, within @OpenAPIDefinition#securitySet and within @CallbackOperation#securitySet)
There was a problem hiding this comment.
I've gone through and added more detail to the Javadoc for SecurityRequirementsSet and SecurityRequirementsSets. I've also updated SecurityRequirements to remove the suggestion that it can be used at "operation or definition level".
Azquelt
force-pushed
the
security-requirement-sets
branch
from
5615f19
to
b39e654
Compare
MikeEdgar
reviewed
Apr 14, 2022
api/src/main/java/org/eclipse/microprofile/openapi/annotations/OpenAPIDefinition.java
Outdated
Show resolved
Hide resolved
* Make SecurityRequirementsSet repeatable * Add securitySets parameters to OpenAPIDefinition and CallbackOperation * Clarify that using @securityrequirement alone is equivalent to using @SecurityRequirementsSet with one element * Add TCK for @SecurityRequirementsSet * Add TCK for securitySets in @OpenAPIDefinition
Azquelt
force-pushed
the
security-requirement-sets
branch
from
953c5c8
to
cf946e8
Compare
|
Review commits squashed |
Azquelt
added a commit
to Azquelt/smallrye-open-api
that referenced
this pull request
Apr 21, 2022
Support SecurityRequriementsSet, passing the TCKs added to eclipse/microprofile-open-api#519 Objects which support security requirements now support having both individual security requirements and security requirements sets. An individual security requirement is equivalent to a security requirement set with a single element. Therefore, when reading annotations, we always process both lists together.
MikeEdgar
pushed a commit
to Azquelt/smallrye-open-api
that referenced
this pull request
Apr 26, 2022
Support SecurityRequriementsSet, passing the TCKs added to eclipse/microprofile-open-api#519 Objects which support security requirements now support having both individual security requirements and security requirements sets. An individual security requirement is equivalent to a security requirement set with a single element. Therefore, when reading annotations, we always process both lists together.
MikeEdgar
pushed a commit
to Azquelt/smallrye-open-api
that referenced
this pull request
May 4, 2022
Support SecurityRequriementsSet, passing the TCKs added to eclipse/microprofile-open-api#519 Objects which support security requirements now support having both individual security requirements and security requirements sets. An individual security requirement is equivalent to a security requirement set with a single element. Therefore, when reading annotations, we always process both lists together.
MikeEdgar
pushed a commit
to MikeEdgar/smallrye-open-api
that referenced
this pull request
May 7, 2022
Support SecurityRequriementsSet, passing the TCKs added to eclipse/microprofile-open-api#519 Objects which support security requirements now support having both individual security requirements and security requirements sets. An individual security requirement is equivalent to a security requirement set with a single element. Therefore, when reading annotations, we always process both lists together.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SecurityRequirementsSetrepeatablesecuritySetparameters to OpenAPIDefinition and CallbackOperation@SecurityRequirementalone is equivalent to using@SecurityRequirementsSetwith one element@SecurityRequirementsSetsecuritySetin@OpenAPIDefinitionFixes #468
Fixes #483