Merge pull request #3726 from nscuro/openapi-v3

Migrate from Swagger v2 to OpenAPI v3

pom.xml

@@ -260,6 +260,17 @@
             <version>${lib.pebble.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>io.swagger.core.v3</groupId>
+            <artifactId>swagger-jaxrs2</artifactId>
+            <version>${lib.swagger.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>io.swagger.core.v3</groupId>
+            <artifactId>swagger-jaxrs2-servlet-initializer-v2</artifactId>
+            <version>${lib.swagger.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>

src/main/java/org/dependencytrack/model/Component.java

@@ -27,7 +27,7 @@
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.github.packageurl.MalformedPackageURLException;
 import com.github.packageurl.PackageURL;
-import io.swagger.annotations.ApiModelProperty;
+import io.swagger.v3.oas.annotations.media.Schema;
 import org.apache.commons.lang3.StringUtils;
 import org.dependencytrack.model.validation.ValidSpdxExpression;
 import org.dependencytrack.persistence.converter.OrganizationalEntityJsonConverter;
@@ -253,7 +253,7 @@ public enum FetchGroup {
     @Size(max = 786)
     @com.github.packageurl.validator.PackageURL
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
-    @ApiModelProperty(dataType = "string")
+    @Schema(type = "string")
     private String purl;
 
     @Persistent(defaultFetchGroup = "true")
@@ -587,7 +587,7 @@ public void setPurl(String purl) {
     }
 
     @JsonSerialize(using = CustomPackageURLSerializer.class)
-    @ApiModelProperty(dataType = "string", accessMode = ApiModelProperty.AccessMode.READ_ONLY)
+    @Schema(type = "string", accessMode = Schema.AccessMode.READ_ONLY)
     public PackageURL getPurlCoordinates() {
         if (purlCoordinates == null) {
             return null;
@@ -785,7 +785,7 @@ public void setRepositoryMeta(RepositoryMetaComponent repositoryMeta) {
     }
 
     @JsonIgnore
-    @ApiModelProperty(hidden = true)
+    @Schema(hidden = true)
     public boolean isNew() {
         return isNew;
     }
@@ -804,7 +804,7 @@ public void setLastInheritedRiskScore(Double lastInheritedRiskScore) {
     }
 
     @JsonIgnore
-    @ApiModelProperty(hidden = true)
+    @Schema(hidden = true)
     public String getBomRef() {
         return bomRef;
     }
@@ -815,7 +815,7 @@ public void setBomRef(String bomRef) {
     }
 
     @JsonIgnore
-    @ApiModelProperty(hidden = true)
+    @Schema(hidden = true)
     public List<org.cyclonedx.model.License> getLicenseCandidates() {
         return licenseCandidates;
     }
@@ -826,7 +826,7 @@ public void setLicenseCandidates(final List<org.cyclonedx.model.License> license
     }
 
     @JsonIgnore
-    @ApiModelProperty(hidden = true)
+    @Schema(hidden = true)
     public JsonObject getCacheResult() {
         return cacheResult;
     }

src/main/java/org/dependencytrack/model/PortfolioMetrics.java

@@ -20,8 +20,7 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.swagger.annotations.ApiModelProperty;
+import io.swagger.v3.oas.annotations.media.Schema;
 
 import javax.jdo.annotations.Column;
 import javax.jdo.annotations.IdGeneratorStrategy;
@@ -53,22 +52,22 @@ public class PortfolioMetrics implements Serializable {
 
     @Persistent
     @Column(name = "CRITICAL")
-    @ApiModelProperty(required = true)
+    @Schema(required = true)
     private int critical;
 
     @Persistent
     @Column(name = "HIGH")
-    @ApiModelProperty(required = true)
+    @Schema(required = true)
     private int high;
 
     @Persistent
     @Column(name = "MEDIUM")
-    @ApiModelProperty(required = true)
+    @Schema(required = true)
     private int medium;
 
     @Persistent
     @Column(name = "LOW")
-    @ApiModelProperty(required = true)
+    @Schema(required = true)
     private int low;
 
     @Persistent
@@ -179,14 +178,14 @@ public class PortfolioMetrics implements Serializable {
     @Column(name = "FIRST_OCCURRENCE", allowsNull = "false")
     @NotNull
     @Index(name = "PORTFOLIOMETRICS_FIRST_OCCURRENCE_IDX")
-    @ApiModelProperty(required = true, dataType = "number")
+    @Schema(requiredMode = Schema.RequiredMode.REQUIRED, type = "number")
     private Date firstOccurrence;
 
     @Persistent
     @Column(name = "LAST_OCCURRENCE", allowsNull = "false")
     @NotNull
     @Index(name = "PORTFOLIOMETRICS_LAST_OCCURRENCE_IDX")
-    @ApiModelProperty(required = true, dataType = "number")
+    @Schema(requiredMode = Schema.RequiredMode.REQUIRED, type = "number")
     private Date lastOccurrence;
 
     public long getId() {

src/main/java/org/dependencytrack/model/Project.java

@@ -31,7 +31,7 @@
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.github.packageurl.MalformedPackageURLException;
 import com.github.packageurl.PackageURL;
-import io.swagger.annotations.ApiModelProperty;
+import io.swagger.v3.oas.annotations.media.Schema;
 import org.dependencytrack.persistence.converter.OrganizationalEntityJsonConverter;
 import org.dependencytrack.resources.v1.serializers.CustomPackageURLSerializer;
 
@@ -199,7 +199,7 @@ public enum FetchGroup {
     @Size(max = 786)
     @com.github.packageurl.validator.PackageURL
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
-    @ApiModelProperty(dataType = "string")
+    @Schema(type = "string")
     private String purl;
 
     @Persistent
@@ -280,7 +280,7 @@ public enum FetchGroup {
     private List<ExternalReference> externalReferences;
 
     @Persistent(mappedBy = "project")
-    @ApiModelProperty(accessMode = ApiModelProperty.AccessMode.READ_ONLY)
+    @Schema(accessMode = Schema.AccessMode.READ_ONLY)
     private ProjectMetadata metadata;
 
     private transient String bomRef;

src/main/java/org/dependencytrack/model/ProjectMetrics.java

@@ -20,8 +20,7 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonInclude;
-
-import io.swagger.annotations.ApiModelProperty;
+import io.swagger.v3.oas.annotations.media.Schema;
 
 import javax.jdo.annotations.Column;
 import javax.jdo.annotations.IdGeneratorStrategy;
@@ -52,22 +51,22 @@ public class ProjectMetrics implements Serializable {
 
     @Persistent
     @Column(name = "PROJECT_ID", allowsNull = "false")
-    @ApiModelProperty(required = true)
+    @Schema(required = true)
     private Project project;
 
     @Persistent
     @Column(name = "CRITICAL")
-    @ApiModelProperty(required = true)
+    @Schema(required = true)
     private int critical;
 
     @Persistent
     @Column(name = "HIGH")
-    @ApiModelProperty(required = true)
+    @Schema(required = true)
     private int high;
 
     @Persistent
     @Column(name = "MEDIUM")
-    @ApiModelProperty(required = true)
+    @Schema(required = true)
     private int medium;
 
     @Persistent
@@ -175,14 +174,14 @@ public class ProjectMetrics implements Serializable {
     @Column(name = "FIRST_OCCURRENCE", allowsNull = "false")
     @NotNull
     @Index(name = "PROJECTMETRICS_FIRST_OCCURRENCE_IDX")
-    @ApiModelProperty(required = true, dataType = "number")
+    @Schema(requiredMode = Schema.RequiredMode.REQUIRED, type = "number")
     private Date firstOccurrence;
 
     @Persistent
     @Column(name = "LAST_OCCURRENCE", allowsNull = "false")
     @NotNull
     @Index(name = "PROJECTMETRICS_LAST_OCCURRENCE_IDX")
-    @ApiModelProperty(required = true, dataType = "number")
+    @Schema(requiredMode = Schema.RequiredMode.REQUIRED, type = "number")
     private Date lastOccurrence;
 
     public long getId() {

src/main/java/org/dependencytrack/resources/OpenApiResource.java

@@ -0,0 +1,61 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.resources;
+
+import alpine.server.auth.AuthenticationNotRequired;
+import io.swagger.v3.jaxrs2.integration.resources.BaseOpenApiResource;
+import io.swagger.v3.oas.annotations.Operation;
+
+import javax.servlet.ServletConfig;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Application;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+/**
+ * @since 4.12.0
+ */
+@Path("/openapi.{type:json|yaml}")
+public class OpenApiResource extends BaseOpenApiResource {
+
+    @Context
+    ServletConfig config;
+
+    @Context
+    Application app;
+
+    @GET
+    @Produces({MediaType.APPLICATION_JSON, "application/yaml"})
+    @Operation(hidden = true)
+    @AuthenticationNotRequired
+    public Response getOpenApi(
+            @Context final HttpHeaders headers,
+            @Context final UriInfo uriInfo,
+            @PathParam("type") final String type
+    ) throws Exception {
+        return super.getOpenApi(headers, config, app, uriInfo, type);
+    }
+
+}