Can I define a global security scheme?

[cristalp]

We're migrating to Smallrye from the Swagger Maven plugin.

One thing that I can't find with Smallrye is the configuration of a global security scheme.

In the Swagger Maven plugin, I configure

          <plugin>
            <groupId>io.openapitools.swagger</groupId>
            <artifactId>swagger-maven-plugin</artifactId>
            <configuration>
              <swaggerConfig>
                <components>
                  <securitySchemes>
                    <basicAuth>
                      <description>Basic authentication</description>
                      <type>http</type>
                      <scheme>basic</scheme>
                      <in>header</in>
                    </basicAuth>
                  </securitySchemes>
                </components>
                <securityRequirements>
                  <one>
                    <entries>
                      <entry>
                        <name>basicAuth</name>
                      </entry>
                    </entries>
                  </one>
                </securityRequirements>
              </swaggerConfig>
            </configuration>
          </plugin>

The generated openapi.json then contains:

"securitySchemes" : {
  "basicAuth" : {
    "type" : "http",
    "description" : "Basic authentication",
    "scheme" : "basic"
  }
}

As far as I understand, for Smallrye I would have to annotate @SecurityScheme in every class, which would be a lot of redundant work.

Is there any way to configure this globally?

[MikeEdgar]

Hi @cristalp , if you have a class extending jakarta.ws.rs.core.Application, you can put a global @SecurityScheme there.

[cristalp]

Thanks! I tried this:

@ApplicationPath("api")
@SecurityScheme(description = "Basic authentication", scheme = "basic", type = SecuritySchemeType.HTTP)
public class AufgabenmanagementAPI extends Application {
...
}

For us, it's still javax.ws.rs.core.Application, though.

Unfortunately, nothing is generated. Is my configuration wrong?

[MikeEdgar]

The securitySchemeName is needed here. To match your previous output use:

@ApplicationPath("api")
@SecurityScheme(securitySchemeName = "basicAuth", description = "Basic authentication", scheme = "basic", type = SecuritySchemeType.HTTP)
public class AufgabenmanagementAPI extends Application {
...
}

[cristalp]

Thanks, we're almost there :-)

    "securitySchemes" : {
      "basicAuth" : {
        "type" : "http",
        "description" : "Basic authentication",
        "scheme" : "basic"
      }
    }

Looking at the old openapi.json I see at the top

{
  "openapi" : "3.0.1",
  "security" : [ {
    "basicAuth" : [ ]
  } ]
}

The security part is missing in the new openapi.json. How do I generate that?

[MikeEdgar]

Add this, also to the Application class:

@OpenAPIDefinition(
    security = @SecurityRequirement(name = ""basicAuth")
)

[cristalp]

Thanks a lot! I also had to add info, but that is thankfully overridden by the plugin:

@OpenAPIDefinition(security = @SecurityRequirement(name = "basicAuth"), info = @Info(title = "", version = ""))