-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better support for security requirement objects #519
Conversation
Support SecurityRequriementsSet, passing the TCKs added to eclipse#519 Objects which support security requirements now support having both individual security requirements and security requirements sets. An individual security requirement is equivalent to a security requirement set with a single element. Therefore, when reading annotations, we always process both lists together.
Yes, I think it does. I'll note that. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few comments/questions.
api/src/main/java/org/eclipse/microprofile/openapi/annotations/OpenAPIDefinition.java
Outdated
Show resolved
Hide resolved
api/src/main/java/org/eclipse/microprofile/openapi/annotations/callbacks/CallbackOperation.java
Outdated
Show resolved
Hide resolved
...src/main/java/org/eclipse/microprofile/openapi/annotations/security/SecurityRequirement.java
Outdated
Show resolved
Hide resolved
* Represents an array of security requirement sets that can be specified for the operation or at definition level. Only | ||
* one of requirement sets needs be satisfied. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
or at definition level
I know this phrase is in the equivalent SecurityRequirements
annotation docs as well, but reading it makes it seem that this annotation is supported alongside @OpenAPIDefinition
on an Application
or package-info
. What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's very imprecise about where it's supported.
Would it be better to list the places where it is supported? (which would be on a resource method, on a resource class, within @OpenAPIDefinition#securitySet
and within @CallbackOperation#securitySet
)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that makes sense.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've gone through and added more detail to the Javadoc for SecurityRequirementsSet
and SecurityRequirementsSets
. I've also updated SecurityRequirements
to remove the suggestion that it can be used at "operation or definition level".
5615f19
to
b39e654
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only one thing came to mind this pass through.
api/src/main/java/org/eclipse/microprofile/openapi/annotations/OpenAPIDefinition.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, thank you!
* Make SecurityRequirementsSet repeatable * Add securitySets parameters to OpenAPIDefinition and CallbackOperation * Clarify that using @securityrequirement alone is equivalent to using @SecurityRequirementsSet with one element * Add TCK for @SecurityRequirementsSet * Add TCK for securitySets in @OpenAPIDefinition
953c5c8
to
cf946e8
Compare
Review commits squashed |
Support SecurityRequriementsSet, passing the TCKs added to eclipse/microprofile-open-api#519 Objects which support security requirements now support having both individual security requirements and security requirements sets. An individual security requirement is equivalent to a security requirement set with a single element. Therefore, when reading annotations, we always process both lists together.
Support SecurityRequriementsSet, passing the TCKs added to eclipse/microprofile-open-api#519 Objects which support security requirements now support having both individual security requirements and security requirements sets. An individual security requirement is equivalent to a security requirement set with a single element. Therefore, when reading annotations, we always process both lists together.
Support SecurityRequriementsSet, passing the TCKs added to eclipse/microprofile-open-api#519 Objects which support security requirements now support having both individual security requirements and security requirements sets. An individual security requirement is equivalent to a security requirement set with a single element. Therefore, when reading annotations, we always process both lists together.
Support SecurityRequriementsSet, passing the TCKs added to eclipse/microprofile-open-api#519 Objects which support security requirements now support having both individual security requirements and security requirements sets. An individual security requirement is equivalent to a security requirement set with a single element. Therefore, when reading annotations, we always process both lists together.
SecurityRequirementsSet
repeatablesecuritySet
parameters to OpenAPIDefinition and CallbackOperation@SecurityRequirement
alone is equivalent to using@SecurityRequirementsSet
with one element@SecurityRequirementsSet
securitySet
in@OpenAPIDefinition
Fixes #468
Fixes #483