Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

@AuthenticationPrincipal is not ignored and overwrites @RequestBody parameters #198

kaibra opened this issue Nov 28, 2019 · 2 comments


Copy link

@kaibra kaibra commented Nov 28, 2019


I saw, that in case you inject the Principal by using @AuthenticationPrincipal into your controller it would be treated as RequestBody and overwrite other valid RequestBody parameters.

See: kaibra@f2763a0 , where I added a app61_actual.json file which contains the actual output of the endpoint.

Looks like this could be fixed in ?!




This comment has been minimized.

Copy link

@springdoc springdoc commented Nov 28, 2019


A first workaround would be to use: @Parameter(hidden = true)

    @PostMapping(value = "/persons-with-user")
    public String personsWithUser(@RequestBody() Person person, @Parameter(hidden = true)
                                  @AuthenticationPrincipal User user) {
        return "OK";

If it makes sense, it will be added to the default behaviour of springdoc-openapi on the next release.

@springdoc springdoc closed this in 8baa58a Nov 30, 2019

This comment has been minimized.

Copy link

@springdoc springdoc commented Nov 30, 2019


The following module has been added to springdoc-openapi.
This module will handle, specific spring-security expected behaviours.

For a project that uses spring-security, you should add the follwing dependency, together with the springdoc-openapi-ui dependency:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.