Hey,
I saw, that in case you inject the Principal by using @AuthenticationPrincipal into your controller it would be treated as RequestBody and overwrite other valid RequestBody parameters.
See: https://github.com/kaibra/springdoc-openapi/commit/f2763a0968542526b215a4ce854bb90d007933c7 , where I added a app61_actual.json file which contains the actual output of the endpoint.
Looks like this could be fixed in https://github.com/springdoc/springdoc-openapi/blob/master/springdoc-openapi-webmvc-core/src/main/java/org/springdoc/core/RequestBuilder.java#L24 ?!
Regards,
Kai
Hi,
A first workaround would be to use: @Parameter(hidden = true)
@PostMapping(value = "/persons-with-user")
public String personsWithUser(@RequestBody() Person person, @Parameter(hidden = true)
@AuthenticationPrincipal User user) {
return "OK";
}
If it makes sense, it will be added to the default behaviour of springdoc-openapi on the next release.
Hi,
The following module has been added to springdoc-openapi.
This module will handle, specific spring-security expected behaviours.
For a project that uses spring-security, you should add the follwing dependency, together with the springdoc-openapi-ui dependency:
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-security</artifactId>
<version>1.2.15</version>
</dependency>
Most helpful comment
Hi,
The following module has been added to springdoc-openapi.
This module will handle, specific spring-security expected behaviours.
For a project that uses spring-security, you should add the follwing dependency, together with the springdoc-openapi-ui dependency: