This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-core.git
commit bb40cf318d72f0be84877bcd53b67b9e3f819aee Author: Robert Lazarski <[email protected]> AuthorDate: Sun Apr 5 18:21:59 2026 -1000 openapi: address Gemini review findings on bearerAuth switch - Assert basicAuth is absent (not just that bearerAuth is present) in the performance test, so removal of the old key is explicitly verified - Strengthen testMultiSecuritySchemeScenario: verify bearerAuth scheme type/scheme values, assert basicAuth is gone, and verify the API-level security requirement actually references bearerAuth Co-Authored-By: Claude Sonnet 4.6 <[email protected]> --- .../openapi/AdvancedGuideIntegrationTest.java | 28 ++++++++++++---------- .../axis2/openapi/OpenApiConfigurationTest.java | 4 +++- 2 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/modules/openapi/src/test/java/org/apache/axis2/openapi/AdvancedGuideIntegrationTest.java b/modules/openapi/src/test/java/org/apache/axis2/openapi/AdvancedGuideIntegrationTest.java
index 15b324a922..69cb1e0a17 100644
--- a/modules/openapi/src/test/java/org/apache/axis2/openapi/AdvancedGuideIntegrationTest.java
+++ b/modules/openapi/src/test/java/org/apache/axis2/openapi/AdvancedGuideIntegrationTest.java
@@ -273,19 +273,21 @@ public class AdvancedGuideIntegrationTest extends TestCase {
 boolean hasOAuth2 = securitySchemes.containsKey("oauth2");
 assertTrue("Should have bearer token authentication by default", hasBearerAuth);
-
- // Test that operations can use different security schemes
- Map<String, PathItem> paths = openApi.getPaths();
- for (PathItem pathItem : paths.values()) {
- for (Operation operation : pathItem.readOperationsMap().values()) {
- if (operation.getSecurity() != null && !operation.getSecurity().isEmpty()) {
- // Verify security requirements are properly structured
- for (SecurityRequirement secReq : operation.getSecurity()) {
- assertFalse("Security requirements should not be empty", secReq.isEmpty());
- }
- }
- }
- }
+ assertFalse("basicAuth must not appear in the default spec", securitySchemes.containsKey("basicAuth"));
+
+ // Verify the bearerAuth scheme is correctly typed
+ SecurityScheme bearer = securitySchemes.get("bearerAuth");
+ assertEquals("bearerAuth type must be HTTP", SecurityScheme.Type.HTTP, bearer.getType());
+ assertEquals("bearerAuth scheme must be bearer", "bearer", bearer.getScheme());
+
+ // Verify the API-level security requirement references bearerAuth
+ List<SecurityRequirement> apiSecurity = openApi.getSecurity();
+ assertNotNull("API-level security requirements should be set", apiSecurity);
+ assertFalse("API-level security requirements should not be empty", apiSecurity.isEmpty());
+ boolean apiReferencesBearerAuth = apiSecurity.stream()
+ .anyMatch(req -> req.containsKey("bearerAuth"));
+ assertTrue("At least one API-level security requirement must reference bearerAuth",
+ apiReferencesBearerAuth);
 }
 // ========== Advanced SwaggerUI Customization Tests ==========
diff --git a/modules/openapi/src/test/java/org/apache/axis2/openapi/OpenApiConfigurationTest.java b/modules/openapi/src/test/java/org/apache/axis2/openapi/OpenApiConfigurationTest.java
index a0e12e371b..96962e8ded 100644
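Review bot: The `anyMatch(req -> req.containsKey("bearerAuth"))` check passes even when the API-level list also holds an empty requirement object, and OpenAPI treats the entries of a `security` array as alternatives, so such a spec would still document anonymous access. Adding `assertTrue("No API-level security requirement may be empty", apiSecurity.stream().noneMatch(SecurityRequirement::isEmpty));` next to it would close that gap. With the per-operation loop gone, an operation that overrides the global requirement with its own `security` list is no longer inspected by this test; a short loop asserting that every non-null `operation.getSecurity()` entry references bearerAuth would keep that covered. The enclosing test method begins above the hunk, so how `securitySchemes` and `hasBearerAuth` are obtained is not visible here.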
--- a/modules/openapi/src/test/java/org/apache/axis2/openapi/OpenApiConfigurationTest.java
+++ b/modules/openapi/src/test/java/org/apache/axis2/openapi/OpenApiConfigurationTest.java
@@ -456,8 +456,10 @@ public class OpenApiConfigurationTest {
 assertEquals(10000, config.getResourcePackages().size());
 assertEquals(10000, config.getResourceClasses().size());
 assertEquals(10000, config.getIgnoredRoutes().size());
- // +1 for default bearerAuth scheme
+ // +1 for default bearerAuth scheme; basicAuth must not be present
 assertEquals(10001, config.getSecurityDefinitions().size());
+ assertFalse("basicAuth must not be present after switch to bearerAuth",
+ config.getSecurityDefinitions().containsKey("basicAuth"));
 }
 @Test
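Review bot: Nothing in this hunk asserts that the one extra entry behind the `10001` count is actually bearerAuth, so the test would still pass if the default scheme were registered under another key, including a basic-auth scheme named something other than `basicAuth`. A positive check such as `assertTrue("default bearerAuth scheme must be present", config.getSecurityDefinitions().containsKey("bearerAuth"));` would make the test agree with the comment above the count. The test method starts above the hunk, so any earlier assertion on the default scheme is not visible here.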
