Support per method security requirement in RepositoryRestResource #1059

Description

@bschoenmaeckers

Is your feature request related to a problem? Please describe.
I'm using spring-data-rest to export REST endpoints for a repository. This works great, but the @SecurityRequirement annotation only works at the class level. I would like to give each method a different security requirement.

Example:

@RepositoryRestResource(excerptProjection = UserBasicProjection.class)
public interface UserRepository extends JpaRepository<User, Long> {

    @Override
    @IsAuthenticated
    Optional<User> findById(Long id);

    @IsAuthenticated
    Optional<User> findOneByEmailAndDeletedIsFalse(String email);

    @Override
    @IsAdmin
    Page<User> findAll(Pageable pageable);

    @IsAdmin
    List<User> findByDebtIsGreaterThan(double debt);
 
    // ...
}

@IsAdmin infers @SecurityRequirement(name = OAUTH2_SECURITY_SCHEME, scopes = "api_admin")
@IsAuthenticated infers @SecurityRequirement(name = OAUTH2_SECURITY_SCHEME, scopes = "api_full")

Describe the solution you'd like

The DataRestTagsService should check the actual repository method in addition to the repository type.

Set<io.swagger.v3.oas.annotations.security.SecurityRequirement> allSecurityTags = securityParser.getSecurityRequirementsForClass(repositoryType);
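
The lookup the request describes, as an added example that is not part of the original issue and is not springdoc's code: it resolves requirements on the repository method first and falls back to the repository type, following composed annotations such as @IsAdmin. Assumptions: the local `SecurityRequirement` annotation is a stand-in for the swagger one, `"oauth2"` is a placeholder for `OAUTH2_SECURITY_SCHEME`, the class and helper names are hypothetical, and method-over-class precedence is one possible merge rule.

```java
import java.lang.annotation.*;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.util.*;

public class MethodSecurityLookup {
    // Stand-in for io.swagger.v3.oas.annotations.security.SecurityRequirement (assumption).
    @Retention(RetentionPolicy.RUNTIME) @Target({ElementType.TYPE, ElementType.METHOD, ElementType.ANNOTATION_TYPE})
    @interface SecurityRequirement { String name(); String[] scopes() default {}; }

    // Composed annotations as described in the issue; "oauth2" is a placeholder scheme name.
    @Retention(RetentionPolicy.RUNTIME) @SecurityRequirement(name = "oauth2", scopes = "api_admin")
    @interface IsAdmin {}
    @Retention(RetentionPolicy.RUNTIME) @SecurityRequirement(name = "oauth2", scopes = "api_full")
    @interface IsAuthenticated {}

    @IsAuthenticated                      // class-level default
    interface UserRepository {
        Object findById(Long id);         // no method annotation: falls back to the type
        @IsAdmin Object findAll();        // method-level requirement
    }

    // Collect requirements declared directly or through one level of meta-annotation.
    static List<SecurityRequirement> declaredOn(AnnotatedElement element) {
        List<SecurityRequirement> found = new ArrayList<>();
        for (Annotation a : element.getAnnotations()) {
            SecurityRequirement meta = a.annotationType().getAnnotation(SecurityRequirement.class);
            if (a instanceof SecurityRequirement) found.add((SecurityRequirement) a);
            else if (meta != null) found.add(meta);
        }
        return found;
    }

    // Assumed merge rule: method-level requirements win; otherwise use the repository type.
    static List<SecurityRequirement> resolve(Class<?> repositoryType, Method method) {
        List<SecurityRequirement> onMethod = declaredOn(method);
        return onMethod.isEmpty() ? declaredOn(repositoryType) : onMethod;
    }

    public static void main(String[] args) {
        for (String name : new String[] {"findById", "findAll"}) {
            Method m = Arrays.stream(UserRepository.class.getMethods())
                .filter(x -> x.getName().equals(name)).findFirst().orElseThrow();
            for (SecurityRequirement r : resolve(UserRepository.class, m))
                System.out.println(name + " -> " + r.name() + " " + Arrays.toString(r.scopes()));
        }
    }
}
```

The swagger @SecurityRequirement annotation only documents an operation in the generated OpenAPI description; access control itself still has to be enforced by the application's authorization checks.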

Labels: enhancement
