Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

@AuthenticationPrincipal is not ignored and overwrites @RequestBody parameters #198

Closed
kaibra opened this issue Nov 28, 2019 · 2 comments
Closed

Comments

@kaibra
Copy link

@kaibra kaibra commented Nov 28, 2019

Hey,

I saw, that in case you inject the Principal by using @AuthenticationPrincipal into your controller it would be treated as RequestBody and overwrite other valid RequestBody parameters.

See: kaibra@f2763a0 , where I added a app61_actual.json file which contains the actual output of the endpoint.

Looks like this could be fixed in https://github.com/springdoc/springdoc-openapi/blob/master/springdoc-openapi-webmvc-core/src/main/java/org/springdoc/core/RequestBuilder.java#L24 ?!

Regards,

Kai

@springdoc

This comment has been minimized.

Copy link
Owner

@springdoc springdoc commented Nov 28, 2019

Hi,

A first workaround would be to use: @Parameter(hidden = true)

    @PostMapping(value = "/persons-with-user")
    public String personsWithUser(@RequestBody() Person person, @Parameter(hidden = true)
                                  @AuthenticationPrincipal User user) {
        return "OK";
    }

If it makes sense, it will be added to the default behaviour of springdoc-openapi on the next release.

@springdoc springdoc closed this in 8baa58a Nov 30, 2019
@springdoc

This comment has been minimized.

Copy link
Owner

@springdoc springdoc commented Nov 30, 2019

Hi,

The following module has been added to springdoc-openapi.
This module will handle, specific spring-security expected behaviours.

For a project that uses spring-security, you should add the follwing dependency, together with the springdoc-openapi-ui dependency:

<dependency>
	<groupId>org.springdoc</groupId>
	<artifactId>springdoc-openapi-security</artifactId>
	<version>1.2.15</version>
</dependency>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.