英文:
all schemes MUST be satisfied for a request to be authorized using annotation
问题
OpenAPI规范 states 中提到:
> 当在OpenAPI对象或操作对象上定义了安全需求对象列表时,只需满足列表中的一个安全需求对象即可授权请求。
提供的示例是:
security: # A AND B
- A
B
如何在Swagger Java注解中实现这一点?
我尝试过:
@SecurityRequirement(name = "A")
@SecurityRequirement(name = "B")
还有:
@SecurityRequirements(value = [SecurityRequirement(name = "A"), SecurityRequirement(name = "B")])
但它们都生成了:
security: # A OR B
- A
- B
英文:
OpenAPI Specification states:
> When a list of Security Requirement Objects is defined on the OpenAPI Object or Operation Object, only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request.
The example provided is:
security: # A AND B
- A
B
How to do this using Swagger Java annotations?
I tried
@SecurityRequirement(name = "A")
@SecurityRequirement(name = "B")
also
@SecurityRequirements(value = [SecurityRequirement(name = "A"),
SecurityRequirement(name = "B")] )
but both of them produce:
security: # A OR B
- A
- B
答案1
得分: 2
It seems like there's no way to express that using Swagger Java annotations. Here are the related issues/enhancement requests on GitHub:
- [增强] 需要多个安全方案 (全部,而不是一部分) (https://github.com/swagger-api/swagger-core/issues/2744)
- 使用 AND 条件的多个 SecurityRequirements 注释 (https://github.com/swagger-api/swagger-core/issues/3556)
作为一种解决方法,您可以后处理生成的 OpenAPI 文件 (例如,使用工具如 yq 或 jq) 并根据需要添加/修复 security 部分。
英文:
Looks like there's no way to express that using Swagger Java annotations. Here are the related issues / enhancement requests on GitHub:
- [ENHANCEMENT] Require multiple security schemes (all, not some)
- Multiple SecurityRequirements annotations with AND condition
As a workaround, you can post-process your generated OpenAPI file (e.g. using tools like yq or jq) and add/fix the security section as needed.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论