Using Authorization annotation in JAVA


Hi,

We’ve defined a yaml file with Swagger version 2.0 with the following security definitions:

securityDefinitions:
  UserNameSecurity:
    type: apiKey
    in: header
    name: X-API-USERNAME
  PasswordSecurity:
    type: apiKey
    in: header
    name: X-API-PASSWORD
  TenantSecurity:
    type: apiKey
    in: header
    name: X-API-TENANT
    
security:
- UserNameSecurity: []
- PasswordSecurity: []
- TenantSecurity: []

After compiling it using Swagger JAVA compiler version 2.2.3 we see the security labels as annotations in all the operations, but we can’t access the values entered for them in the request header. @io.swagger.annotations.Authorization(value = "PasswordSecurity"), @io.swagger.annotations.Authorization(value = "TenantSecurity"), @io.swagger.annotations.Authorization(value = "UserNameSecurity")

Do you know how the apiKey values, supplied in the header, can be accessed in the generated code?

Thanks, Kfir

Issue Analytics

  • State: open
  • Created 6 years ago
  • Comments: 6 (1 by maintainers)
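
One way to read the three apiKey headers named in the spec above, as an added example that is not part of the original issue or of the Swagger project's generated code: a JAX-RS request filter that validates them and publishes the caller's identity through the `SecurityContext`. It assumes the generated server is a JAX-RS one; `ApiKeyHeaderFilter`, `CredentialVerifier` and the scheme string are hypothetical names.

```java
import java.security.Principal;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Added example: class, interface and scheme names are hypothetical.
@Priority(Priorities.AUTHENTICATION)
public class ApiKeyHeaderFilter implements ContainerRequestFilter {

    /** Assumed hook to the real credential store; true only for a valid triple. */
    public interface CredentialVerifier {
        boolean verify(String tenant, String username, char[] password);
    }

    private final CredentialVerifier verifier;

    public ApiKeyHeaderFilter(CredentialVerifier verifier) { this.verifier = verifier; }

    @Override
    public void filter(ContainerRequestContext ctx) {
        // Header names come from the securityDefinitions in the spec.
        String user = ctx.getHeaderString("X-API-USERNAME");
        String pass = ctx.getHeaderString("X-API-PASSWORD");
        String tenant = ctx.getHeaderString("X-API-TENANT");

        // The spec lists the schemes as separate `security` items, which
        // OpenAPI 2.0 treats as alternatives; this filter requires all three.
        if (isBlank(user) || isBlank(pass) || isBlank(tenant)
                || !verifier.verify(tenant, user, pass.toCharArray())) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }

        // Expose only the identity downstream; the password is not stored or logged.
        final Principal principal = () -> tenant + "/" + user;
        final boolean secure = ctx.getSecurityContext().isSecure();
        ctx.setSecurityContext(new SecurityContext() {
            @Override public Principal getUserPrincipal() { return principal; }
            @Override public boolean isUserInRole(String role) { return false; }
            @Override public boolean isSecure() { return secure; }
            @Override public String getAuthenticationScheme() { return "X-API-KEY-HEADERS"; }
        });
    }

    private static boolean isBlank(String s) { return s == null || s.trim().isEmpty(); }
}
```

Because the constructor takes an argument, register an instance through `Application.getSingletons()`; a resource method can then read the caller from an injected `@Context SecurityContext`.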

Top GitHub Comments

2 reactions
orubel commented, Apr 9, 2021

In the words of Darrel Miller, the lead on OpenAPI, let me send you this link: https://www.flickr.com/photos/orubel/50695726007/in/dateposted-public/

0 reactions
orubel commented, Apr 18, 2021

@kfirisrael One of the issues you will run into is that OpenApi doesn’t allow for an association of ROLE with endpoint; this causes endpoints to show the same request data/response data regardless of ROLE. In other words, if you were to build a Swagger doc from this, an ADMIN role and a USER role would see the EXACT SAME ENDPOINTS and request them the EXACT SAME WAY!!!

There is no way to extend this because the association has to be directly tied to the endpoint (not be in a separate extension where the association is lost).
