How to exclude API endpoints from Security Schema? #271

Closed
echoAlexey opened this issue Dec 16, 2019 · 2 comments
Labels
question Further information is requested

Comments

@echoAlexey

Hi!

I would like to exclude API endpoints from security schema. Would this be possible?

Is it also possible to group APIs and assign different security schemas to them?

@springdoc
Collaborator

Hi,

You can add the security annotations for the secured operations only.

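```java
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.security.SecurityScheme;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping(path = "/demo2",
	produces = MediaType.TEXT_PLAIN_VALUE)
// Declares the scheme in the generated document; it is not applied to any operation by itself.
@SecurityScheme(
		name = "bearerToken",
		type = SecuritySchemeType.HTTP,
		scheme = "bearer",
		bearerFormat = "JWT"
)
public class DemoController {

	// Secured operation: references the "bearerToken" scheme explicitly.
	@PostMapping(value = "/login1", consumes = MediaType.APPLICATION_JSON_VALUE)
	@Operation(summary = "Add a new person to the store", description = "", security = {
			@SecurityRequirement(name = "bearerToken")})
	public Object createAuthenticationToken(
			@RequestBody String authenticationRequest) {
		return null;
	}

	// No security attribute: this operation is documented without a security requirement.
	@PostMapping(value = "/login3", consumes = MediaType.APPLICATION_JSON_VALUE)
	@Operation(description =  "hello, no security")
	public Object createAuthenticationToken2(
			@RequestBody String authenticationRequest) {
		return null;
	}
}
```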

If you need to exclude only one operation, there is a related issue on the swagger-core official annotations / jars:

@bnasslahsen
Contributor

You can also use OperationCustomizer (tested with v1.2.28). Here is an example of disabling using the tag name, but it can be based on other criteria (method name, ...):

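```java
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;

import io.swagger.v3.oas.models.Operation;
import org.springdoc.core.customizers.OperationCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.web.method.HandlerMethod;

// Marker tag: operations carrying it are documented without a security requirement.
public static final String UNSECURED = "security.open";

@Bean
public OperationCustomizer customize() {
    return (Operation operation, HandlerMethod handlerMethod) -> {
        List<String> tags = operation.getTags();
        if (tags != null && tags.contains(UNSECURED)) {
            // An empty security list on the operation overrides any document-level default.
            operation.setSecurity(Collections.emptyList());
            // Drop the marker tag so it does not appear in the generated document.
            operation.setTags(tags.stream()
                    .filter(t -> !t.equals(UNSECURED))
                    .collect(Collectors.toList()));
        }
        return operation;
    };
}
```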
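As a follow-up to both answers, here is an added example (not from the thread or from springdoc) that audits a generated OpenAPI document and lists every operation it declares as callable without credentials, so exclusions made by annotation or by `OperationCustomizer` can be compared against an allowlist in CI. The sample document, the `/demo2/items` and `/demo2/search` paths, and the function names are constructed for illustration.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample of a generated OpenAPI document (not output taken from the page).
SAMPLE_DOC = json.loads("""
{
  "openapi": "3.0.1",
  "security": [{"bearerToken": []}],
  "paths": {
    "/demo2/login1": {"post": {"security": [{"bearerToken": []}]}},
    "/demo2/login3": {"post": {"security": []}},
    "/demo2/items":  {"get": {}},
    "/demo2/search": {"get": {"security": [{}, {"bearerToken": []}]}}
  }
}
""")


def unsecured_operations(doc):
    """Return sorted (METHOD, path) pairs the document declares as open."""
    default = doc.get("security", [])
    found = []
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            # An operation-level "security", even [], replaces the document default.
            effective = op.get("security", default)
            # Open if nothing is required, or if an empty requirement {} makes auth optional.
            if not effective or any(req == {} for req in effective):
                found.append((method.upper(), path))
    return sorted(found)


def audit(doc, allowed_open):
    """Return (unexpected open operations, allowlist entries that are no longer open)."""
    open_ops = set(unsecured_operations(doc))
    return sorted(open_ops - allowed_open), sorted(allowed_open - open_ops)


if __name__ == "__main__":
    unexpected, stale = audit(SAMPLE_DOC, {("POST", "/demo2/login3")})
    print("unexpected open operations:", unexpected)
    print("stale allowlist entries:", stale)
```

This checks what the document declares, not what the server enforces; the annotations describe the API, and access control still comes from the application's own security configuration.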
