Add genarate security roles by security scopes (#1733)

openapi-generator/src/main/java/io/micronaut/openapi/generator/JavaMicronautServerCodegen.java

@@ -28,7 +28,7 @@
 import org.openapitools.codegen.utils.StringUtils;
 
 import java.io.File;
-import java.util.Collections;
+import java.util.ArrayList;
 import java.util.List;
 
 import static org.openapitools.codegen.CodegenConstants.API_PACKAGE;
@@ -281,14 +281,29 @@ public OperationsMap postProcessOperationsWithModels(OperationsMap objs, List<Mo
         String controllerClassname = StringUtils.camelize(CONTROLLER_PREFIX + "_" + operations.getPathPrefix() + "_" + CONTROLLER_SUFFIX);
         objs.put("controllerClassname", controllerClassname);
 
-        List<CodegenOperation> allOperations = (List<CodegenOperation>) operations.get("operation");
+        var allOperations = (List<CodegenOperation>) operations.get("operation");
         if (useAuth) {
             for (CodegenOperation operation : allOperations) {
                 if (!operation.vendorExtensions.containsKey(EXTENSION_ROLES)) {
-                    String role = operation.hasAuthMethods ? AUTHORIZED_ROLE : ANONYMOUS_ROLE;
-                    operation.vendorExtensions.put(EXTENSION_ROLES, Collections.singletonList(role));
+
+                    var roles = new ArrayList<String>();
+                    var authMethods = operation.authMethods;
+                    if (authMethods != null && !authMethods.isEmpty()) {
+                        var scopes = authMethods.get(0).scopes;
+                        if (scopes != null && !scopes.isEmpty()) {
+                            for (var scope : scopes) {
+                                roles.add("\"" + escapeText(scope.get("scope").toString()) + "\"");
+                            }
+                        } else {
+                            roles.add(AUTHORIZED_ROLE);
+                        }
+                    } else {
+                        roles.add(ANONYMOUS_ROLE);
+                    }
+
+                    operation.vendorExtensions.put(EXTENSION_ROLES, roles);
                 } else {
-                    List<String> roles = (List<String>) operation.vendorExtensions.get(EXTENSION_ROLES);
+                    var roles = (List<String>) operation.vendorExtensions.get(EXTENSION_ROLES);
                     roles = roles.stream().map(role -> switch (role) {
                         case ANONYMOUS_ROLE_KEY -> ANONYMOUS_ROLE;
                         case AUTHORIZED_ROLE_KEY -> AUTHORIZED_ROLE;

openapi-generator/src/main/java/io/micronaut/openapi/generator/KotlinMicronautServerCodegen.java

@@ -28,7 +28,7 @@
 import org.openapitools.codegen.utils.StringUtils;
 
 import java.io.File;
-import java.util.Collections;
+import java.util.ArrayList;
 import java.util.List;
 
 import static org.openapitools.codegen.CodegenConstants.API_PACKAGE;
@@ -266,14 +266,29 @@ public OperationsMap postProcessOperationsWithModels(OperationsMap objs, List<Mo
         String controllerClassname = StringUtils.camelize(CONTROLLER_PREFIX + "_" + operations.getPathPrefix() + "_" + CONTROLLER_SUFFIX);
         objs.put("controllerClassname", controllerClassname);
 
-        List<CodegenOperation> allOperations = (List<CodegenOperation>) operations.get("operation");
+        var allOperations = (List<CodegenOperation>) operations.get("operation");
         if (useAuth) {
             for (CodegenOperation operation : allOperations) {
                 if (!operation.vendorExtensions.containsKey(EXTENSION_ROLES)) {
-                    String role = operation.hasAuthMethods ? AUTHORIZED_ROLE : ANONYMOUS_ROLE;
-                    operation.vendorExtensions.put(EXTENSION_ROLES, Collections.singletonList(role));
+
+                    var roles = new ArrayList<String>();
+                    var authMethods = operation.authMethods;
+                    if (authMethods != null && !authMethods.isEmpty()) {
+                        var scopes = authMethods.get(0).scopes;
+                        if (scopes != null && !scopes.isEmpty()) {
+                            for (var scope : scopes) {
+                                roles.add("\"" + escapeText(scope.get("scope").toString()) + "\"");
+                            }
+                        } else {
+                            roles.add(AUTHORIZED_ROLE);
+                        }
+                    } else {
+                        roles.add(ANONYMOUS_ROLE);
+                    }
+
+                    operation.vendorExtensions.put(EXTENSION_ROLES, roles);
                 } else {
-                    List<String> roles = (List<String>) operation.vendorExtensions.get(EXTENSION_ROLES);
+                    var roles = (List<String>) operation.vendorExtensions.get(EXTENSION_ROLES);
                     roles = roles.stream().map(role -> switch (role) {
                         case ANONYMOUS_ROLE_KEY -> ANONYMOUS_ROLE;
                         case AUTHORIZED_ROLE_KEY -> AUTHORIZED_ROLE;

openapi-generator/src/test/java/io/micronaut/openapi/generator/JavaMicronautServerCodegenTest.java

@@ -491,4 +491,22 @@ void testOperationDescription() {
 
         assertFileContains(path + "api/DatasetsApi.java", "description = \"Creates a brand new dataset.\"");
     }
+
+    @Test
+    void testSecurity() {
+
+        var codegen = new JavaMicronautServerCodegen();
+        String outputPath = generateFiles(codegen, "src/test/resources/3_0/security.yml", CodegenConstants.APIS, CodegenConstants.MODELS);
+        String path = outputPath + "src/main/java/org/openapitools/";
+
+        assertFileContains(path + "api/DefaultApi.java",
+            """
+                    @Secured({"read", "admin"})
+                    Mono<Void> get();
+                """,
+            """
+                    @Secured({"write", "admin"})
+                    Mono<Void> save();
+                """);
+    }
 }

openapi-generator/src/test/java/io/micronaut/openapi/generator/KotlinMicronautServerCodegenTest.java

@@ -576,4 +576,22 @@ void testOperationDescription() {
 
         assertFileContains(path + "api/DatasetsApi.kt", "description = \"Creates a brand new dataset.\"");
     }
+
+    @Test
+    void testSecurity() {
+
+        var codegen = new KotlinMicronautServerCodegen();
+        String outputPath = generateFiles(codegen, "src/test/resources/3_0/security.yml", CodegenConstants.APIS, CodegenConstants.MODELS);
+        String path = outputPath + "src/main/kotlin/org/openapitools/";
+
+        assertFileContains(path + "api/DefaultApi.kt",
+            """
+                    @Secured("read", "admin")
+                    fun get(): Mono<Void>
+                """,
+            """
+                    @Secured("write", "admin")
+                    fun save(): Mono<Void>
+                """);
+    }
 }

openapi-generator/src/test/resources/3_0/security.yml

@@ -0,0 +1,38 @@
+openapi: 3.0.3
+info:
+  description: This is an example of the openapi documentation
+  title: OpenAPI
+  version: 0.0.0
+paths:
+  /pet:
+    post:
+      operationId: save
+      security:
+        - OAuth2: [ write, admin ]
+      responses:
+        200:
+          description: Successfully saved
+    get:
+      operationId: get
+      security:
+        - OAuth2: [ read, admin ]
+      responses:
+        200:
+          description: Successfully retrieved information
+components:
+  securitySchemes:
+    OAuth2:
+      type: oauth2
+      flows:
+        authorizationCode:
+          authorizationUrl: https://example.com/oauth/authorize
+          tokenUrl: https://example.com/oauth/token
+          scopes:
+            read: Grants read access
+            write: Grants write access
+            admin: Grants access to admin operations
+security:
+  - OAuth2:
+      - read
+      - write
+      - admin

openapi/src/main/java/io/micronaut/openapi/visitor/ConfigUtils.java

@@ -1022,7 +1022,7 @@ public void setPostfix(String postfix) {
     }
 
     /**
-     * Duplicate schema resolution mode
+     * Duplicate schema resolution mode.
      */
     public enum DuplicateResolution {
         AUTO,