• Home
• org.openapi4j
• openapi-parser
• 1.0.6
• source code
• SecurityRequirementValidator.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.openapi4j.parser.validation.v3.SecurityRequirementValidator Maven / Gradle / Ivy

package org.openapi4j.parser.validation.v3;

import org.openapi4j.core.validation.ValidationResult;
import org.openapi4j.core.validation.ValidationResults;
import org.openapi4j.parser.model.v3.OpenApi3;
import org.openapi4j.parser.model.v3.SecurityRequirement;
import org.openapi4j.parser.validation.ValidationContext;
import org.openapi4j.parser.validation.Validator;

import java.util.List;
import java.util.Map;
import java.util.Set;

import static org.openapi4j.core.validation.ValidationSeverity.ERROR;
import static org.openapi4j.parser.validation.v3.OAI3Keywords.OAUTH2;
import static org.openapi4j.parser.validation.v3.OAI3Keywords.OPENIDCONNECT;

class SecurityRequirementValidator extends Validator3Base {
  private static final ValidationResult SCHEME_NOT_DEFINED = new ValidationResult(ERROR, 139, "Security scheme '%s' is not defined in components");
  private static final ValidationResult SEC_REQ_NOT_ALLOWED = new ValidationResult(ERROR, 140, "Security requirement parameters in '%s' not allowed with scheme type '%s'");

  private static final Validator INSTANCE = new SecurityRequirementValidator();

  private SecurityRequirementValidator() {
  }

  public static Validator instance() {
    return INSTANCE;
  }

  @Override
  public void validate(ValidationContext context, OpenApi3 api, SecurityRequirement securityRequirement, ValidationResults results) {
    Set schemes = api.getComponents().getSecuritySchemes().keySet();

    for (Map.Entry> entry : securityRequirement.getRequirements().entrySet()) {
      if (!schemes.contains(entry.getKey())) {
        results.add(SCHEME_NOT_DEFINED, entry.getKey());
      } else {
        String type = api.getComponents().getSecurityScheme(entry.getKey()).getType();

        if (type == null || OAUTH2.equals(type) || OPENIDCONNECT.equals(type)) {
          continue;
        }

        if (!entry.getValue().isEmpty()) {
          results.add(SEC_REQ_NOT_ALLOWED, entry.getKey(), type);
        }
      }
    }
  }
}