OpenAPITools
[BUG][JAVA][JAXRS-CXF] securitySchemes components applied to endpoint/whole API in the specs fail to generate anything in code
Bug Report Checklist
- [x] Have you provided a full/minimal spec to reproduce the issue?
- [x] Have you validated the input using an OpenAPI validator (example)?
- [x] What's the version of OpenAPI Generator used?
- [x] Have you search for related issues/PRs?
- [x] What's the actual output vs expected output?
- [ ] [Optional] Bounty to sponsor the fix (example)
Description
When I generate the Java code corresponding to the specs, I expect to see @SecurityScheme or @SecurityDefinition or @SecurityRequirement annotations (or anything really that translates the security from the specs) on my endpoint-method (cf. below, deleteAccount). I don't know how these work exactly, but I expect a String variable to be accessible from inside my deleteAccount function to check the accesstoken (whether for a bearer type authentication or oauth etc.).
openapi-generator version
4.2.2
OpenAPI declaration file content or url
openapi: 3.0.2
info:
description: API
version: 1.0.0
title: API
servers:
- url: "https://bla.com"
paths:
/endpoint:
delete:
operationId: deleteAccount
security:
- oauth: ["ascope"]
- apikey: []
- authentication: []
responses:
"204":
description: Successful response - no content
components:
securitySchemes:
oauth:
type: oauth2
description: This API uses OAuth2.0 with the Authorization Code flow.
flows:
authorizationCode:
authorizationUrl: https://bla/oauth2/authorize
tokenUrl: https://bla/oauth2/token
refreshUrl: https://bla/oauth2/refresh
scopes:
ascope: A scope
apikey:
type: apiKey
in: header
name: x-api-key
authentication:
type: http
scheme: bearer
Command line used for generation
mvn clean install
Steps to reproduce
Here's my pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.bla</groupId>
<artifactId>apitest</artifactId>
<version>1.0-SNAPSHOT</version>
<properties>
<org.apache.cxf.version>3.3.5</org.apache.cxf.version>
<jackson.version>2.9.9</jackson.version>
</properties>
<dependencies>
<dependency>
<groupId>org.openapitools</groupId>
<artifactId>openapi-generator</artifactId>
<version>4.2.2</version>
</dependency>
<!-- Fix import io.swagger.jaxrs.PATCH; -->
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-jaxrs</artifactId>
<version>1.5.16</version>
</dependency>
<!-- Bean Validation API support -->
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>1.1.0.Final</version>
<scope>provided</scope>
</dependency>
<!-- CXF server -->
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
<version>${org.apache.cxf.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-rs-service-description</artifactId>
<version>${org.apache.cxf.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-policy</artifactId>
<version>${org.apache.cxf.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-wsdl</artifactId>
<version>${org.apache.cxf.version}</version>
<scope>compile</scope>
</dependency>
<!-- Jackson: JSON for Java -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.openapitools</groupId>
<artifactId>openapi-generator-maven-plugin</artifactId>
<version>4.2.2</version>
<executions>
<execution>
<id>myapi</id>
<phase>generate-sources</phase>
<goals>
<goal>generate</goal>
</goals>
<configuration>
<inputSpec>${basedir}/api.yaml</inputSpec>
<generatorName>jaxrs-cxf</generatorName>
<configOptions>
<sourceFolder>src/gen/main/java</sourceFolder>
<modelPackage>com.bla.api.models</modelPackage>
<apiPackage>com.bla.api</apiPackage>
</configOptions>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
Import above pom.xml in your favorite IDE (IntelliJ), import above specs as api.yaml on the same level as the pom.xml and finally execute the above command mvn clean install.
Related issues/PRs
None that I know of.
Suggest a fix
Templates that translates openapi 3.0.2 specs to Java jaxrs-cxf compliant code. Maybe I'm missing something stupid. Thanks in advance for your help (and reading through).
Actual Output
package com.bla.api;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.List;
import java.util.Map;
import javax.ws.rs.*;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.MediaType;
import org.apache.cxf.jaxrs.ext.multipart.*;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ApiResponse;
import io.swagger.jaxrs.PATCH;
import javax.validation.constraints.*;
import javax.validation.Valid;
@Path("/")
@Api(value = "/", description = "")
public interface DefaultApi {
@DELETE
@Path("/endpoint")
@ApiOperation(value = "", tags={ })
@ApiResponses(value = {
@ApiResponse(code = 204, message = "Successful response - no content") })
public void deleteAccount();
}
Expected Output
Something along the lines:
@Path("/")
@Api(value = "/", description = "")
public interface DefaultApi {
@DELETE
@Path("/endpoint")
@ApiOperation(value = "", tags={ })
@ApiResponses(value = {
@ApiResponse(code = 204, message = "Successful response - no content") })
public void deleteAccount(@HeaderParam("Authorization") String var3);
}
This code can be generated with a simple workaround: forget the #/components/securitySchemes/* and add a
name: Authorization
schema:
type: string
in: header
required: true
on the endpoint's parameters section.
@wing328, @jimschubert, @cbornet, @ackintosh, @jmini, @etherealjoy can you take a look on this please? :)
@wing328, @jimschubert, @cbornet, @ackintosh, @jmini, @etherealjoy Any news on this? Sorry for keeping on posting here. Maybe just a kind answer saying it's not a priority, noone taking care of it atm, or just an eta for when it'll be tackled? (or did I miss something?)
Any answer would be appreciated :) Thanks
Experienced the same issue today. Any news if this will be implemented in the future?
Is there some place in the documentation where this could be mentioned at least?
(Or is it already?)
The issue seems to also affect the jaxrs-spec generator. I suspect that other generators are affected as well. A reproducer can be found at https://github.com/turing85/quarkus-openapi-jaxrs-generator.
Execute ./mvnw clean compile and take a look at the generated classes under target/generated-classes/openapi/de/turing85/petstore/api. I would expect, for example, some @RolesAllowed-annotations for the OIDC schema.
