How to exclude API endpoints from Security Schema? #271
Labels
question
Further information is requested
Comments
|
Hi, You can add the security annotations for the secured operations only. @RestController
@RequestMapping(path = "/demo2",
produces = MediaType.TEXT_PLAIN_VALUE)
@SecurityScheme(
name = "bearerToken",
type = SecuritySchemeType.HTTP,
scheme = "bearer",
bearerFormat = "JWT"
)
public class DemoController {
@PostMapping(value = "/login1", consumes = MediaType.APPLICATION_JSON_VALUE)
@Operation(summary = "Add a new person to the store", description = "", security = {
@SecurityRequirement(name = "bearerToken")})
public Object createAuthenticationToken(
@RequestBody String authenticationRequest) {
return null;
}
@PostMapping(value = "/login3", consumes = MediaType.APPLICATION_JSON_VALUE)
@Operation(description = "hello, no security")
public Object createAuthenticationToken2(
@RequestBody String authenticationRequest) {
return null;
}
}if you need to exclide only one operation, there is a related issue on the swagger-core official annotations / jars: |
|
You can also use OperationCustomizer (Tested with v1.2.28) : Here is an example, of disabling using Tag name, but it can be on other criterias (method name, ...) public static final String UNSECURED = "security.open";
@Bean
public OperationCustomizer customize() {
return (Operation operation, HandlerMethod handlerMethod) -> {
List<String> tags = operation.getTags();
if (tags != null && tags.contains(UNSECURED)) {
operation.setSecurity(Collections.emptyList());
operation.setTags(tags.stream()
.filter(t -> !t.equals(UNSECURED))
.collect(Collectors.toList()));
}
return operation;
};
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi!
I would like to exclude API endpoints from security schema. Would this be possible?
Is it possible also to group API and assign different security schemas to it?
The text was updated successfully, but these errors were encountered: