From 61fb37f3d5ae3519c12b984e94a64d702de01f06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20Chondzi=C5=84ski?=
Date: Thu, 1 Jul 2021 15:46:08 +0200
Subject: [PATCH 1/3] Introducing api reader that extends rest api endpoint description with the permissions details that given endpoint requires.
---
 pom.xml | 6 ++
 .../SpringMvcApiWithAuthorizationReader.java | 83 +++++++++++++++++++
 2 files changed, 89 insertions(+)
 create mode 100644 src/main/java/com/github/kongchen/swagger/docgen/reader/SpringMvcApiWithAuthorizationReader.java
diff --git a/pom.xml b/pom.xml
index 5672e7b40..f0e791901 100644
--- a/pom.xml
+++ b/pom.xml
@@ -69,6 +69,7 @@ 2.0.1 0.9.9 4.3.7.RELEASE + 5.5.1 3.9 1.13 2.0.1
@@ -213,6 +214,11 @@ spring-web ${springframework.version} + + org.springframework.security + spring-security-core + ${springframework.security.version} + com.fasterxml.jackson.core jackson-core
diff --git a/src/main/java/com/github/kongchen/swagger/docgen/reader/SpringMvcApiWithAuthorizationReader.java b/src/main/java/com/github/kongchen/swagger/docgen/reader/SpringMvcApiWithAuthorizationReader.java
new file mode 100644
index 000000000..97d80faab
--- /dev/null
+++ b/src/main/java/com/github/kongchen/swagger/docgen/reader/SpringMvcApiWithAuthorizationReader.java
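Review bot: In pom.xml the new `spring-security-core` dependency resolves through `${springframework.security.version}` to what appears to be 5.5.1, while `spring-web` stays on `${springframework.version}`, shown in the first hunk as 4.3.7.RELEASE. Spring Security 5.5.x is built against Spring Framework 5.3.x, so the plugin classpath will normally end up with mixed Spring generations unless the transitive Spring artifacts are pinned. The reader only needs the `PreAuthorize` annotation type, so either choose a Spring Security line that matches the 4.3 framework or declare the dependency `<optional>true</optional>`, which keeps an extra security library off the classpath of consumers who never use the authorization reader. The XML element names are stripped in this rendering, so the scope actually declared could not be checked.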
@@ -0,0 +1,83 @@
+package com.github.kongchen.swagger.docgen.reader;
+
+import com.github.kongchen.swagger.docgen.spring.SpringResource;
+import io.swagger.models.Operation;
+import io.swagger.models.Path;
+import io.swagger.models.Swagger;
+import org.apache.maven.plugin.logging.Log;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import java.lang.reflect.Method;
+import java.util.List;
+
+import static org.apache.commons.lang3.StringUtils.isBlank;
+import static org.springframework.core.annotation.AnnotatedElementUtils.findMergedAnnotation;
+
+/**
+ * Extends rest api endpoint description with the permissions details that given endpoint requires.
+ *
+ * This swagger reader is used as {@code swaggerApiReader} property of the {@code swagger-maven-plugin}.
+ */
+public class SpringMvcApiWithAuthorizationReader extends SpringMvcApiReader {
+
+ private static final String PERMISSIONS_LABEL = "\n\n**Required Permissions**:\n\n";
+
+ public SpringMvcApiWithAuthorizationReader(Swagger swagger, Log log) {
+ super(swagger, log);
+ }
+
+ @Override
+ public Swagger read(SpringResource resource) {
+ Swagger extSwagger = super.read(resource);
+
+ List methods = resource.getMethods();
+ for (Method method : methods) {
+ PreAuthorize preAuthorize = findMergedAnnotation(method, PreAuthorize.class);
+ RequestMapping requestMapping = findMergedAnnotation(method, RequestMapping.class);
+ if (preAuthorize == null) continue; // nothing to update
+ if (requestMapping == null) continue; // nothing to update
+
+ String resourcePathKey = resource.getControllerMapping() + resource.getResourceName();
+ Path path = extSwagger.getPath(resourcePathKey);
+ if (path == null) continue; // nothing to update
+
+ String permissions = preAuthorize.value();
+ if (isBlank(permissions)) continue; // nothing to update
+
+ for (RequestMethod reqMethod :
requestMapping.method()) {
+ Operation operation = operation(path, reqMethod);
+ updateOperation(operation, permissions);
+ }
+ }
+
+ return extSwagger;
+ }
+
+ private static Operation operation(Path path, RequestMethod method) {
+ switch (method) {
+ case POST:
+ return path.getPost();
+ case GET:
+ return path.getGet();
+ case PUT:
+ return path.getPut();
+ case DELETE:
+ return path.getDelete();
+ case HEAD:
+ return path.getHead();
+ case OPTIONS:
+ return path.getOptions();
+ case PATCH:
+ return path.getPatch();
+ default:
+ throw new IllegalArgumentException("could not find operation for method " + method);
+ }
+ }
+
+ private static void updateOperation(Operation operation, String permissions) {
+ String updatedDescription = operation.getDescription() + PERMISSIONS_LABEL + permissions;
+ operation.description(updatedDescription);
+ }
+}
From 122269bfe52762e64654ee85aa301391edf51cf4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20Chondzi=C5=84ski?=
Date: Fri, 9 Jul 2021 12:41:30 +0200
Subject: [PATCH 2/3] Attempt to reduce the cognitive complexity
---
 .../reader/SpringMvcApiWithAuthorizationReader.java | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/main/java/com/github/kongchen/swagger/docgen/reader/SpringMvcApiWithAuthorizationReader.java b/src/main/java/com/github/kongchen/swagger/docgen/reader/SpringMvcApiWithAuthorizationReader.java
index 97d80faab..7d4ce6bf2 100644
--- a/src/main/java/com/github/kongchen/swagger/docgen/reader/SpringMvcApiWithAuthorizationReader.java
+++ b/src/main/java/com/github/kongchen/swagger/docgen/reader/SpringMvcApiWithAuthorizationReader.java
@@ -12,6 +12,7 @@ import java.lang.reflect.Method;
 import java.util.List;
+import static org.apache.commons.lang3.ObjectUtils.allNotNull;
 import static org.apache.commons.lang3.StringUtils.isBlank;
 import static org.springframework.core.annotation.AnnotatedElementUtils.findMergedAnnotation;
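Review bot: In the new file from PATCH 1/3, `updateOperation` concatenates `operation.getDescription()` without a null check, so an endpoint that has no description is published with the literal text `null` in front of the permissions label. Build the prefix defensively, e.g. `String base = operation.getDescription() == null ? "" : operation.getDescription();` and concatenate `base + PERMISSIONS_LABEL + permissions`. Separately, `preAuthorize.value()` is copied verbatim, so the generated documentation exposes the full SpEL expression, including role names and any bean or method references it contains. A short Javadoc sentence on the class stating that the raw expression is published would let users decide whether the output is suitable for docs shared outside the team.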
@@ -36,15 +37,10 @@ public Swagger read(SpringResource resource) {
 for (Method method : methods) {
 PreAuthorize preAuthorize = findMergedAnnotation(method, PreAuthorize.class);
 RequestMapping requestMapping = findMergedAnnotation(method, RequestMapping.class);
- if (preAuthorize == null) continue; // nothing to update
- if (requestMapping == null) continue; // nothing to update
-
 String resourcePathKey = resource.getControllerMapping() + resource.getResourceName();
 Path path = extSwagger.getPath(resourcePathKey);
- if (path == null) continue; // nothing to update
-
 String permissions = preAuthorize.value();
- if (isBlank(permissions)) continue; // nothing to update
+ if (!allNotNull(preAuthorize, requestMapping, path) || isBlank(permissions)) continue; // nothing to update
 for (RequestMethod reqMethod : requestMapping.method()) {
 Operation operation = operation(path, reqMethod);
From 435e884bfefb058ab2962ef0e364e20f807d68cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20Chondzi=C5=84ski?=
Date: Fri, 9 Jul 2021 15:05:41 +0200
Subject: [PATCH 3/3] Attempt to reduce the cognitive complexity
---
 .../reader/SpringMvcApiWithAuthorizationReader.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/main/java/com/github/kongchen/swagger/docgen/reader/SpringMvcApiWithAuthorizationReader.java b/src/main/java/com/github/kongchen/swagger/docgen/reader/SpringMvcApiWithAuthorizationReader.java
index 7d4ce6bf2..53f198101 100644
--- a/src/main/java/com/github/kongchen/swagger/docgen/reader/SpringMvcApiWithAuthorizationReader.java
+++ b/src/main/java/com/github/kongchen/swagger/docgen/reader/SpringMvcApiWithAuthorizationReader.java
@@ -10,6 +10,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import java.lang.reflect.Method;
+import java.util.Arrays;
 import java.util.List;
 import static org.apache.commons.lang3.ObjectUtils.allNotNull;
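Review bot: In the PATCH 2/3 hunk of `read`, `String permissions = preAuthorize.value();` now runs before the merged null check, so any handler method without `@PreAuthorize` throws a NullPointerException instead of being skipped. The removed `if (preAuthorize == null) continue;` guard used to prevent this, and unannotated endpoints are the ones a reviewer most needs to see in the output. Keep the dereference below the check: `if (!allNotNull(preAuthorize, requestMapping, path)) continue;`, then `String permissions = preAuthorize.value();`, then `if (isBlank(permissions)) continue;`. The same ordering is still present in the context lines of the PATCH 3/3 hunk. `read` starts and ends outside this hunk.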
@@ -42,10 +43,9 @@ public Swagger read(SpringResource resource) {
 String permissions = preAuthorize.value();
 if (!allNotNull(preAuthorize, requestMapping, path) || isBlank(permissions)) continue; // nothing to update
- for (RequestMethod reqMethod : requestMapping.method()) {
- Operation operation = operation(path, reqMethod);
- updateOperation(operation, permissions);
- }
+ Arrays.stream(requestMapping.method())
+ .map(reqMethod -> operation(path, reqMethod))
+ .forEach(operation -> updateOperation(operation, permissions));
 }
 return extSwagger;
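Review bot: The stream hands whatever `operation(path, reqMethod)` returns straight to `updateOperation`, and the `Path` getters behind it can return null when no operation is registered for that HTTP method. A single unmatched method would then abort the whole documentation run with a NullPointerException. Add `.filter(Objects::nonNull)` between `.map(...)` and `.forEach(...)`, together with `import java.util.Objects;`. An empty `requestMapping.method()` array, which Spring treats as "all methods", also produces an empty stream, so such endpoints get no permissions note; a one-line comment above the stream stating that would prevent the gap being read as "no authorization required". `read` starts and ends outside this hunk.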