@AuthenticationPrincipal is not ignored and overwrites @RequestBody parameters

[kaibra]

Hey,

I saw, that in case you inject the Principal by using @AuthenticationPrincipal into your controller it would be treated as RequestBody and overwrite other valid RequestBody parameters.

See: https://github.com/kaibra/springdoc-openapi/commit/f2763a0968542526b215a4ce854bb90d007933c7 , where I added a app61_actual.json file which contains the actual output of the endpoint.

Looks like this could be fixed in https://github.com/springdoc/springdoc-openapi/blob/master/springdoc-openapi-webmvc-core/src/main/java/org/springdoc/core/RequestBuilder.java#L24 ?!

Regards,

Kai

Hi,

A first workaround would be to use: @Parameter(hidden = true)

    @PostMapping(value = "/persons-with-user")
    public String personsWithUser(@RequestBody() Person person, @Parameter(hidden = true)
                                  @AuthenticationPrincipal User user) {
        return "OK";
    }

If it makes sense, it will be added to the default behaviour of springdoc-openapi on the next release.

Hi,

The following module has been added to springdoc-openapi.
This module will handle, specific spring-security expected behaviours.

For a project that uses spring-security, you should add the follwing dependency, together with the springdoc-openapi-ui dependency:

<dependency>
	<groupId>org.springdoc</groupId>
	<artifactId>springdoc-openapi-security</artifactId>
	<version>1.2.15</version>
</dependency>