OpenAPI: generated yaml/json files missing @Securityscheme annotation fix #3652

Author: jknack

modules/jooby-openapi/src/main/java/io/jooby/internal/openapi/OpenAPIParser.java

@@ -73,6 +73,17 @@ public static void parse(ParserContext ctx, OpenAPIExt openapi) {
     Type type = Type.getObjectType(openapi.getSource().replace(".", "/"));
     ClassNode node = ctx.classNode(type);
 
+    rootOpenApiAnnotations(openapi, node);
+  }
+
+  /**
+   * These annotations are expected to be on main class (App), but we still check on controller for
+   * them.
+   *
+   * @param openapi Open API.
+   * @param node Main or controller class.
+   */
+  private static void rootOpenApiAnnotations(OpenAPIExt openapi, ClassNode node) {
     findAnnotationByType(node.visibleAnnotations, OpenAPIDefinition.class).stream()
         .findFirst()
         .ifPresent(a -> definition(openapi, a));
@@ -200,7 +211,13 @@ private static Boolean isDeprecated(List<AnnotationNode> annotations) {
     return null;
   }
 
-  public static void parse(ParserContext ctx, OperationExt operation) {
+  public static void parse(ParserContext ctx, OpenAPIExt openapi, OperationExt operation) {
+    /* SecurityScheme */
+    var controller = operation.getController();
+    if (controller != null) {
+      rootOpenApiAnnotations(openapi, controller);
+    }
+
     /** Tags: */
     MethodNode method = operation.getNode();
     List<AnnotationNode> annotations = operation.getAllAnnotations();

modules/jooby-openapi/src/main/java/io/jooby/internal/openapi/RouteParser.java

@@ -75,7 +75,7 @@ public RouteParser(String metaInf) {
     this.metaInf = metaInf;
   }
 
-  public List<OperationExt> parse(ParserContext ctx) {
+  public List<OperationExt> parse(ParserContext ctx, OpenAPIExt openapi) {
     List<OperationExt> operations = parse(ctx, null, ctx.classNode(ctx.getRouter()));
 
     // Checkout controllers without explicit mapping, just META-INF
@@ -95,7 +95,7 @@ public List<OperationExt> parse(ParserContext ctx) {
     // swagger/openapi:
     for (OperationExt operation : operations) {
       operation.setApplication(application);
-      OpenAPIParser.parse(ctx, operation);
+      OpenAPIParser.parse(ctx, openapi, operation);
     }
 
     List<OperationExt> result = new ArrayList<>();

modules/jooby-openapi/src/main/java/io/jooby/openapi/OpenAPIGenerator.java

@@ -171,7 +171,7 @@ public OpenAPIGenerator() {
 
     RouteParser routes = new RouteParser(metaInf);
     ParserContext ctx = new ParserContext(source, TypeFactory.fromJavaName(classname), debug);
-    List<OperationExt> operations = routes.parse(ctx);
+    List<OperationExt> operations = routes.parse(ctx, openapi);
 
     String contextPath = ContextPathParser.parse(ctx);
 

modules/jooby-openapi/src/test/java/issues/i3652/App3652.java

@@ -0,0 +1,14 @@
+/*
+ * Jooby https://jooby.io
+ * Apache License Version 2.0 https://jooby.io/LICENSE.txt
+ * Copyright 2014 Edgar Espina
+ */
+package issues.i3652;
+
+import io.jooby.Jooby;
+
+public class App3652 extends Jooby {
+  {
+    mvc(Controller3652.class);
+  }
+}

modules/jooby-openapi/src/test/java/issues/i3652/Controller3652.java

@@ -0,0 +1,32 @@
+/*
+ * Jooby https://jooby.io
+ * Apache License Version 2.0 https://jooby.io/LICENSE.txt
+ * Copyright 2014 Edgar Espina
+ */
+package issues.i3652;
+
+import io.jooby.annotation.GET;
+import io.jooby.annotation.Path;
+import io.jooby.annotation.PathParam;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
+
+@Path("/3652")
+@SecurityScheme(
+    name = "myBearerToken",
+    type = SecuritySchemeType.HTTP,
+    scheme = "bearer",
+    bearerFormat = "JWT",
+    in = SecuritySchemeIn.HEADER)
+public class Controller3652 {
+
+  @GET("/{id}")
+  @Operation(summary = "Find a user by ID", description = "Finds a user by ID or throws a 404")
+  @SecurityRequirement(name = "myBearerToken", scopes = "user:read")
+  public String sayHi(@PathParam String id) {
+    return "hi";
+  }
+}

modules/jooby-openapi/src/test/java/issues/i3652/Issue3652.java

@@ -0,0 +1,55 @@
+/*
+ * Jooby https://jooby.io
+ * Apache License Version 2.0 https://jooby.io/LICENSE.txt
+ * Copyright 2014 Edgar Espina
+ */
+package issues.i3652;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import io.jooby.openapi.OpenAPIResult;
+import io.jooby.openapi.OpenAPITest;
+
+public class Issue3652 {
+
+  @OpenAPITest(value = App3652.class)
+  public void shouldPrintSecurityRequeriment(OpenAPIResult result) {
+    assertEquals(
+        "openapi: 3.0.1\n"
+            + "info:\n"
+            + "  title: 3652 API\n"
+            + "  description: 3652 API description\n"
+            + "  version: \"1.0\"\n"
+            + "paths:\n"
+            + "  /3652/{id}:\n"
+            + "    get:\n"
+            + "      summary: Find a user by ID\n"
+            + "      description: Finds a user by ID or throws a 404\n"
+            + "      operationId: sayHi\n"
+            + "      parameters:\n"
+            + "      - name: id\n"
+            + "        in: path\n"
+            + "        required: true\n"
+            + "        schema:\n"
+            + "          type: string\n"
+            + "      responses:\n"
+            + "        \"200\":\n"
+            + "          description: Success\n"
+            + "          content:\n"
+            + "            application/json:\n"
+            + "              schema:\n"
+            + "                type: string\n"
+            + "      security:\n"
+            + "      - myBearerToken:\n"
+            + "        - user:read\n"
+            + "components:\n"
+            + "  securitySchemes:\n"
+            + "    myBearerToken:\n"
+            + "      type: http\n"
+            + "      name: myBearerToken\n"
+            + "      in: header\n"
+            + "      scheme: bearer\n"
+            + "      bearerFormat: JWT\n",
+        result.toYaml());
+  }
+}