diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/OidcUserManagementAutoConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/OidcUserManagementAutoConfiguration.java
index 0c1afbcad..88e2e79aa 100644
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/OidcUserManagementAutoConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/OidcUserManagementAutoConfiguration.java
@@ -279,6 +279,9 @@ class JwtAuthoritiesExtractor {
 @SuppressWarnings("unchecked")
 Set extract(final String clientId, final Map claims) {
 final Map resourceMap = (Map) claims.get("resource_access");
+ if (CollectionUtils.isEmpty(resourceMap)) {
+ return Collections.emptySet();
+ }
 final Map> clientResource = (Map>) resourceMap
 .get(clientId);
diff --git a/hawkbit-rest/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/OpenApiConfiguration.java b/hawkbit-rest/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/OpenApiConfiguration.java
index e50f0c230..6b9f09c20 100644
--- a/hawkbit-rest/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/OpenApiConfiguration.java
+++ b/hawkbit-rest/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/OpenApiConfiguration.java
@@ -33,6 +33,7 @@ public class OpenApiConfiguration {
 """;
 private static final String BASIC_AUTH_SEC_SCHEME_NAME = "Basic Authentication";
+ private static final String BEARER_AUTH_SEC_SCHEME_NAME = "Bearer Authentication";
 private static final String DDI_TOKEN_SEC_SCHEME_NAME = "DDI Target/GatewayToken Authentication";
 @Bean
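Review bot: The new guard covers a token without `resource_access`, but `resourceMap.get(clientId)` on the following line can still return null when the claim is present and lists roles only for other clients. The rest of `extract` lies outside this hunk, so if `clientResource` is dereferenced there without a check, such a token would still end in a NullPointerException rather than an empty authority set; consider `if (CollectionUtils.isEmpty(clientResource)) { return Collections.emptySet(); }` right after the lookup. The unchecked cast also runs before the guard, so a `resource_access` claim that is not a JSON object raises ClassCastException; an `instanceof Map` test ahead of the cast would keep the extractor failing closed with no authorities.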
@@ -52,7 +53,9 @@ public class OpenApiConfiguration {
 .pathsToMatch("/rest/v1/**")
 .addOpenApiCustomiser(openApi -> {
 openApi
- .addSecurityItem(new SecurityRequirement().addList(BASIC_AUTH_SEC_SCHEME_NAME))
+ .addSecurityItem(new SecurityRequirement()
+ .addList(BASIC_AUTH_SEC_SCHEME_NAME)
+ .addList(BEARER_AUTH_SEC_SCHEME_NAME))
 .components(
 openApi
 .getComponents()
@@ -61,11 +64,17 @@ public class OpenApiConfiguration {
 .name(BASIC_AUTH_SEC_SCHEME_NAME)
 .type(SecurityScheme.Type.HTTP)
 .in(SecurityScheme.In.HEADER)
- .scheme("basic")));
+ .scheme("basic"))
+ .addSecuritySchemes(BEARER_AUTH_SEC_SCHEME_NAME,
+ new SecurityScheme()
+ .name(BEARER_AUTH_SEC_SCHEME_NAME)
+ .type(SecurityScheme.Type.HTTP)
+ .in(SecurityScheme.In.HEADER)
+ .bearerFormat("JWT")
+ .scheme("bearer")));
 })
 .build();
 }
- @Bean
 @ConditionalOnProperty(
 value="hawkbit.server.swagger.ddi.api.group.enabled",
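Review bot: Chaining both `addList` calls on a single `SecurityRequirement` documents Basic and Bearer as required together, because OpenAPI combines the schemes inside one requirement object with AND and treats only separate requirement objects as alternatives. Both schemes travel in the same `Authorization` header, so the published contract cannot be satisfied, and generated clients or the Swagger UI may demand both credentials. Declare them as alternatives instead: `.addSecurityItem(new SecurityRequirement().addList(BASIC_AUTH_SEC_SCHEME_NAME))` followed by `.addSecurityItem(new SecurityRequirement().addList(BEARER_AUTH_SEC_SCHEME_NAME))`. The customiser lambda begins and ends outside this hunk.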
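Review bot: The bearer scheme is registered unconditionally in the second hunk, so the generated document advertises JWT bearer authentication even on deployments where OIDC is presumably not configured and such tokens would be rejected. A comment such as `// Bearer (JWT) is only accepted when OIDC user management is enabled` would state the assumption, or the registration could be made conditional on that setup. Separately, `.name(...)` and `.in(SecurityScheme.In.HEADER)` are fields of `apiKey` schemes in the OpenAPI specification and have no effect on an `http` scheme. They mirror the existing basic entry and could be dropped from both.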