Security annotation does not seem to prevent the controller action from being executed

Hello there,

Just copied and pasted from documentation:

nelmio_api_doc:
    documentation:
        info:
            title: My App
            version: 1.0.0
        components:
            securitySchemes:
                Bearer:
                    type: http
                    scheme: bearer
                    bearerFormat: JWT
        security:
            - Bearer: []
    areas: # to filter documented areas
        path_patterns:
            - ^/api(?!/doc$) # Accepts routes under /api except /api/doc

Controller:

namespace App\Controller;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Routing\Annotation\Route;
use Nelmio\ApiDocBundle\Annotation\Security;

class TestController
{
    /**
     * Test
     * @Route("/api/test", name="issue", methods={"POST"})
     * @Security(name="Bearer")
     */
    public function test()
    {
        return new JsonResponse(["status" => "OK"]);
    }
}

I see the resource "POST /api/test" in Swagger UI, click on "Try it out", then "Execute", and the controller runs without a problem. Shouldn't the security prevent the execution of that controller action unless an authorization JWT token is passed?

I would expect something like "Unauthorized"...

 

Thanks

Antonio

1 ACCEPTED SOLUTION

Moderator

Re: Security annotation does not seem to prevent the controller action from being executed

Hi Antonio,

 

Not exactly sure what is the piece of documentation you're sharing, as it's not a fully valid OpenAPI definition.

I assume from the code that you're using PHP's Symfony (not familiar with it at all, personally).

 

Swagger UI will simply follow the OpenAPI definition it is provided with.

If there's an issue with the code not adhering to the security requirements, you'd need to look into the code/framework you're using. Since we don't have any PHP libraries of our own, I'm afraid we can't help you with finding the solution.
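
Added example, not part of the original thread and not Nelmio or Swagger code: a `security` requirement in an OpenAPI definition only documents what the API expects, so one way to confirm enforcement is to call every operation that declares one without credentials and flag any that do not answer 401 or 403. `SPEC` is a constructed fragment mirroring the question, `/api/health` is a hypothetical opt-out operation, and the base URL given to `http_sender` is an assumption.

```python
import urllib.error
import urllib.request

METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

# Constructed OpenAPI fragment mirroring the question: a global Bearer
# requirement plus POST /api/test. /api/health is a hypothetical opt-out.
SPEC = {
    "security": [{"Bearer": []}],
    "paths": {
        "/api/test": {"post": {"security": [{"Bearer": []}]}},
        "/api/health": {"get": {"security": []}},
    },
}

def secured_operations(spec):
    """Return sorted (METHOD, path) pairs whose effective security is mandatory."""
    default = spec.get("security", [])
    ops = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:
                continue  # skip "parameters", "summary", ...
            # Operation-level security overrides the global list; [] means none.
            required = op.get("security", default)
            # An empty requirement object {} would make authentication optional.
            if required and all(required):
                ops.append((method.upper(), path))
    return sorted(ops)

def http_sender(base_url):
    """Build send(method, path) -> HTTP status, sent without an Authorization header."""
    def send(method, path):
        body = b"{}" if method in ("POST", "PUT", "PATCH") else None
        req = urllib.request.Request(base_url + path, data=body, method=method,
                                     headers={"Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=5) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code
    return send

def unenforced(spec, send):
    """Operations documented as secured that still answer without credentials."""
    results = [(m, p, send(m, p)) for m, p in secured_operations(spec)]
    return [r for r in results if r[2] not in (401, 403)]
```

Run it against a test deployment, for example `unenforced(spec, http_sender("http://localhost:8000"))` with the generated definition loaded into `spec`, because the probe really invokes each operation.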
