Ignore @Auth parameters in dropwizard

[solidfish]

In dropwizard, the authenticated principal is passed to a resource method as a parameter annotated with @Auth, which should be ignored for documentation purposes. I am not yet sure how this could/should be done in a general manner by the doclet, but it would be nice.

[ryankennedy]

I don't think it should actually be ignored. If you ignore it then you can't indicate whether or not the resource is protected or not. I've been wanting to find a good way to pass to the doclet what form of authentication is being used (basic, digest, OAuth, etc) but haven't had the time to do so.

[solidfish]

Yes, that would be nice too. I was only thinking about my current usage with BasicAuth, where I am fine with the indication offered by the browser when it prompts for credentials... I'd just like the @Auth parameter not to show up as a body parameter. Admittedly that wouldn't work at all for other auth methods - wouldn't even work too well with @Auth(required=false) for that matter. I suppose Swagger has some amount of flexibility in terms of handling authentication? I see you can provide an api key, not sure how that's used. On the doclet side I would think that to do this properly you'd just need to defer to whatever framework is providing the authentication. That or a simpler but redundant annotation-based implementation I suppose.

[ilesm]

I find this annoying too and I don't know how to fix it. All of my resources that take @Auth have an additional body field in Swagger UI. It seems to me like @ApiParam should have a boolean hidden() default false method, but it doesn't.

[tomaytotomato]

Yea I agree this is very annoying especially when dealing with JSON Web token authentication.

Here's a screenshot: