[java spring] API Key based Authentication how to access ?

[sashank]

This is more of a question.

We have a swagger file with authentication mechanism as apikey and appid

security:
  - apiKey: []
    appId: []

Upon generation of Server ( Java Spring ) and Client (Java) below snippets got generated

Server
the interface GroupAPI has below code

 @ApiOperation(value = "Return the group which was created", nickname = "createGroup", notes = "Returns HTTP 201 if the group is successfully created.", response = Void.class, authorizations = {
        @Authorization(value = "apiKey"),
        @Authorization(value = "appId")
    }, tags={ "UserGroups", })
    @ApiResponses(value = { 
        @ApiResponse(code = 200, message = "OK. Request is OK."),
        @ApiResponse(code = 201, message = "The request has been fulfilled, and a new resource is created ."),
        @ApiResponse(code = 400, message = "Bad Request. The request cannot be fulfilled due to bad syntax."),
        @ApiResponse(code = 401, message = "Unauthorized. Authentication failed or not provided"),
        @ApiResponse(code = 403, message = "Forbidden. The user might not have the necessary permissions for a resource."),
        @ApiResponse(code = 500, message = "Internal Server Error. An unexpected condition was encountered."),
         })
    @RequestMapping(value = "/identity/groups",
        produces = { "application/json" }, 
        consumes = { "application/json" },
        method = RequestMethod.POST)
    ResponseEntity<Void> createGroup(@ApiParam(value = "" ,required=true )  @Valid @RequestBody Group body, @RequestHeader(value = "Accept", required = false) String accept) throws Exception;

How do we access the apikey and appId in the controller class method that looks like below ?

public ResponseEntity<Void> createGroup(@ApiParam(value = "" ,required=true )  @Valid @RequestBody Group body,
        @RequestHeader(value = "Accept", required = false) String accept) throws Exception {
        // do some magic!
        return new ResponseEntity<Void>(HttpStatus.OK);
    }

Is there any reference example , greatly appreciated .

[drej1]

Hi, we have the same issue using server spring. I think the codegen should be intelligent enough to be able to check the security definitions, eg:
securityDefinitions:

apiKey:
    type: "apiKey"
    name: "apiKey"
    in: "header"

and if this security definition is used on a resource than it should generate something like:

public ResponseEntity<Void> createGroup(@ApiParam(value = "" ,required=true )  @Valid @RequestBody Group body,
        @RequestHeader(value = "Accept", required = false) String accept,
        @RequestHeader(value="apiKey", required=true) String apiKey) throws Exception {
        // do some magic!
        return new ResponseEntity<Void>(HttpStatus.OK);
    }