#77 made the oas dependency optional and conditional

quartz-manager-parent/quartz-manager-starter-security/pom.xml

@@ -70,6 +70,7 @@
       <groupId>org.springdoc</groupId>
       <artifactId>springdoc-openapi-ui</artifactId>
       <version>${springdoc-openapi.version}</version>
+      <optional>true</optional>
     </dependency>
 
     <!-- TEST -->

quartz-manager-parent/quartz-manager-starter-security/src/main/java/it/fabioformosa/quartzmanager/api/security/QuartzManagerSecurityConfig.java

@@ -54,7 +54,7 @@ import static it.fabioformosa.quartzmanager.api.common.config.QuartzManagerPaths
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class QuartzManagerSecurityConfig {
 
-  private static final String[] PATTERNS_SWAGGER_UI = {"/swagger-ui.html", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**"};
+  private static final String[] PATTERNS_SWAGGER_UI = {"/swagger-ui/**", "/swagger-ui.html", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**"};
   public static final String QUARTZ_MANAGER_API_ANT_MATCHER = QUARTZ_MANAGER_BASE_CONTEXT_PATH + "/**";
   public static final String QUARTZ_MANAGER_UI_ANT_MATCHER = QuartzManagerPaths.WEBJAR_PATH + "/**";
 
@@ -121,11 +121,14 @@ public class QuartzManagerSecurityConfig {
   }
 
   @Bean(name = "quartzManagerWebSecurityCustomizer")
-  public WebSecurityCustomizer webSecurityCustomizer() {
-    return (web) ->
+  public WebSecurityCustomizer webSecurityCustomizer(@Value("${quartz-manager.oas.enabled:false}") Boolean oasEnabled) {
+    return (web) -> {
       web.ignoring()//
-        .antMatchers(HttpMethod.GET, PATTERNS_SWAGGER_UI) //
         .antMatchers(HttpMethod.GET, QUARTZ_MANAGER_UI_ANT_MATCHER);
+      if(BooleanUtils.isNotFalse(oasEnabled))
+        web.ignoring()
+          .antMatchers(HttpMethod.GET, PATTERNS_SWAGGER_UI);
+    };
   }
 
   @Bean(name = "quartzManagerCorsConfigurationSource")
@@ -151,8 +154,7 @@ public class QuartzManagerSecurityConfig {
     return jwtAuthenticationSuccessHandler;
   }
 
-  //  @Bean
-  public JwtTokenAuthenticationFilter jwtAuthenticationTokenFilter(UserDetailsService userDetailsService) throws Exception {
+  public JwtTokenAuthenticationFilter jwtAuthenticationTokenFilter(UserDetailsService userDetailsService) {
     return new JwtTokenAuthenticationFilter(jwtTokenHelper(), userDetailsService);
   }
 

quartz-manager-parent/quartz-manager-starter-security/src/main/java/it/fabioformosa/quartzmanager/api/security/config/SecurityOpenApiConfig.java

@@ -0,0 +1,61 @@
+package it.fabioformosa.quartzmanager.api.security.config;
+
+import io.swagger.v3.oas.models.Components;
+import io.swagger.v3.oas.models.Operation;
+import io.swagger.v3.oas.models.PathItem;
+import io.swagger.v3.oas.models.media.*;
+import io.swagger.v3.oas.models.parameters.RequestBody;
+import io.swagger.v3.oas.models.responses.ApiResponse;
+import io.swagger.v3.oas.models.responses.ApiResponses;
+import io.swagger.v3.oas.models.security.SecurityScheme;
+import it.fabioformosa.quartzmanager.api.common.config.OpenAPIConfigConsts;
+import it.fabioformosa.quartzmanager.api.common.config.QuartzManagerPaths;
+import it.fabioformosa.quartzmanager.api.security.properties.JwtSecurityProperties;
+import lombok.extern.slf4j.Slf4j;
+import org.springdoc.core.customizers.OpenApiCustomiser;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+
+import java.util.Arrays;
+
+@Slf4j
+@ConditionalOnProperty(name = "quartz-manager.oas.enabled")
+@Configuration
+public class SecurityOpenApiConfig {
+
+  @Order(Ordered.HIGHEST_PRECEDENCE)
+  @Bean("quartzManagerOpenApiCustomiser")
+  public OpenApiCustomiser configureQuartzManagerOpenAPI(JwtSecurityProperties jwtSecurityProps) {
+    return openAPI -> {
+      if (jwtSecurityProps.getCookieStrategy().isEnabled() == false)
+        openAPI
+          .components(new Components().addSecuritySchemes(OpenAPIConfigConsts.QUARTZ_MANAGER_SEC_OAS_SCHEMA, buildBasicAuthScheme()));
+
+      openAPI.path(QuartzManagerPaths.QUARTZ_MANAGER_LOGIN_PATH,
+        new PathItem().post(new Operation()
+          .operationId("login")
+          .tags(Arrays.asList("auth"))
+          .requestBody(new RequestBody().content(
+            new Content().addMediaType("application/x-www-form-urlencoded", new MediaType().schema(new Schema().type("object")
+              .addProperties("username", new StringSchema())
+              .addProperties("password", new PasswordSchema())
+              .required(Arrays.asList("username", "password"))
+            ))))
+          .responses(new ApiResponses().addApiResponse("200", new ApiResponse().description("JWT Token to authenticate the next requests")))
+          .responses(new ApiResponses().addApiResponse("401", new ApiResponse().description("Unauthorized - Username or password are incorrect!")))
+        ));
+    };
+  }
+
+  private SecurityScheme buildBasicAuthScheme() {
+    return new SecurityScheme()
+      .type(SecurityScheme.Type.HTTP)
+      .scheme("bearer")
+      .bearerFormat("JWT")
+      .description("A JWT Token in required to access this API. You can obtain a JWT Token by providing the username and password in the login API");
+  }
+
+}

quartz-manager-parent/quartz-manager-starter-security/src/main/java/it/fabioformosa/quartzmanager/api/security/controllers/UserController.java

@@ -16,7 +16,7 @@ import static it.fabioformosa.quartzmanager.api.common.config.QuartzManagerPaths
 
 @RestController
 @Hidden
-@SecurityRequirement(name = OpenAPIConfigConsts.BASIC_AUTH_SEC_OAS_SCHEME)
+@SecurityRequirement(name = OpenAPIConfigConsts.QUARTZ_MANAGER_SEC_OAS_SCHEMA)
 @RequestMapping(value = QUARTZ_MANAGER_AUTH_PATH, produces = MediaType.APPLICATION_JSON_VALUE)
 public class UserController {