Merge pull request #1430 from lipniak/security-add-custom-paths

bnasslahsen · web-flow · commit 46483c924916 · 2022-01-08T11:21:46.000+01:00
springdoc-openapi-security: support custom login processing endpoints
diff --git a/springdoc-openapi-security/src/main/java/org/springdoc/security/SpringDocSecurityConfiguration.java b/springdoc-openapi-security/src/main/java/org/springdoc/security/SpringDocSecurityConfiguration.java
@@ -20,6 +20,7 @@
 
 package org.springdoc.security;
 
+import java.lang.reflect.Field;
 import java.util.Optional;
 
 import io.swagger.v3.oas.models.Operation;
@@ -48,8 +49,10 @@
 import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import static org.springdoc.core.Constants.SPRINGDOC_ENABLED;
 import static org.springdoc.core.Constants.SPRINGDOC_SHOW_LOGIN_ENDPOINT;
@@ -131,7 +134,15 @@ OpenApiCustomiser springSecurityLoginEndpointCustomiser(ApplicationContext appli
 						operation.responses(apiResponses);
 						operation.addTagsItem("login-endpoint");
 						PathItem pathItem = new PathItem().post(operation);
-						openAPI.getPaths().addPathItem("/login", pathItem);
+						try {
+							Field requestMatcherField = AbstractAuthenticationProcessingFilter.class.getDeclaredField("requiresAuthenticationRequestMatcher");
+							requestMatcherField.setAccessible(true);
+							AntPathRequestMatcher requestMatcher = (AntPathRequestMatcher) requestMatcherField.get(usernamePasswordAuthenticationFilter);
+							String loginPath = requestMatcher.getPattern();
+							requestMatcherField.setAccessible(false);
+							openAPI.getPaths().addPathItem(loginPath, pathItem);
+						} catch (NoSuchFieldException | IllegalAccessException | ClassCastException ignored) {
+						}
 					}
 				}
 			};
diff --git a/springdoc-openapi-security/src/test/java/test/org/springdoc/api/app8/SpringDocApp8Test.java b/springdoc-openapi-security/src/test/java/test/org/springdoc/api/app8/SpringDocApp8Test.java
@@ -0,0 +1,23 @@
+package test.org.springdoc.api.app8;
+
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.info.License;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+import org.springframework.test.context.TestPropertySource;
+import test.org.springdoc.api.AbstractSpringDocTest;
+
+@TestPropertySource(properties = "springdoc.show-login-endpoint=true")
+public class SpringDocApp8Test extends AbstractSpringDocTest {
+
+    @SpringBootApplication(scanBasePackages = { "test.org.springdoc.api.configuration,test.org.springdoc.api.app8" })
+    static class SpringDocTestApp {
+        @Bean
+        public OpenAPI customOpenAPI() {
+            return new OpenAPI()
+                    .info(new Info().title("Security API").version("v1")
+                            .license(new License().name("Apache 2.0").url("http://springdoc.org")));
+        }
+    }
+}
diff --git a/springdoc-openapi-security/src/test/java/test/org/springdoc/api/app8/security/WebConfig.java b/springdoc-openapi-security/src/test/java/test/org/springdoc/api/app8/security/WebConfig.java
@@ -0,0 +1,17 @@
+package test.org.springdoc.api.app8.security;
+
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@EnableWebSecurity
+@Order(200)
+public class WebConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.formLogin()
+                .loginProcessingUrl("/api/login");
+    }
+}
diff --git a/springdoc-openapi-security/src/test/resources/results/app8.json b/springdoc-openapi-security/src/test/resources/results/app8.json
@@ -0,0 +1,53 @@
+{
+  "openapi": "3.0.1",
+  "info": {
+    "title": "Security API",
+    "license": {
+      "name": "Apache 2.0",
+      "url": "http://springdoc.org"
+    },
+    "version": "v1"
+  },
+  "servers": [
+    {
+      "url": "http://localhost",
+      "description": "Generated server url"
+    }
+  ],
+  "paths": {
+    "/api/login": {
+      "post": {
+        "tags": [
+          "login-endpoint"
+        ],
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "type": "object",
+                "properties": {
+                  "username": {
+                    "type": "string"
+                  },
+                  "password": {
+                    "type": "string"
+                  }
+                }
+              }
+            }
+          }
+        },
+        "responses": {
+          "200": {
+            "description": "OK"
+          },
+          "403": {
+            "description": "Forbidden"
+          }
+        }
+      }
+    }
+  },
+  "components": {
+  }
+}
