Remove security schemes without marking them x-internal

limentas · limentas · commit 19dae248daf6 · 2026-03-17T17:56:36.000+01:00
diff --git a/modules/openapi-generator/src/main/java/org/openapitools/codegen/OpenAPINormalizer.java b/modules/openapi-generator/src/main/java/org/openapitools/codegen/OpenAPINormalizer.java
@@ -627,9 +627,13 @@ protected void normalizeComponentsSecuritySchemes() {
             }
         }
 
-        for (String schemeKey : schemes.keySet()) {
+        Iterator<Map.Entry<String, SecurityScheme>> it = schemes.entrySet().iterator();
+        while (it.hasNext()) {
+            Map.Entry<String, SecurityScheme> entry = it.next();
+            String schemeKey = entry.getKey();
+            SecurityScheme scheme = entry.getValue();
+
             if (schemeKey.equals(bearerAuthSecuritySchemeName)) {
-                SecurityScheme scheme = schemes.get(schemeKey);
                 scheme.setType(SecurityScheme.Type.HTTP);
                 scheme.setScheme("bearer");
                 scheme.setIn(null);
@@ -646,8 +650,10 @@ protected void normalizeComponentsSecuritySchemes() {
             // It may happen that bearer scheme will be filtered out on this step.
             // To keep the scheme - change filter input.
             if (filter != null && filter.hasFilter()) {
-                SecurityScheme scheme = schemes.get(schemeKey);
-                filter.apply(schemeKey, scheme);
+                boolean keep = filter.apply(schemeKey, scheme);
+                if (!keep) {
+                    it.remove();
+                }
             }
         }
     }
@@ -2220,13 +2226,13 @@ protected boolean hasCustomFilterMatch(String schemeKey, SecurityScheme scheme)
             return false;
         }
 
-        public void apply(String schemeKey, SecurityScheme scheme) {
+        public boolean apply(String schemeKey, SecurityScheme scheme) {
             boolean found = false;
             found |= logIfMatch(KEY, schemeKey, hasKey(schemeKey));
             found |= logIfMatch(TYPE, schemeKey, hasType(scheme.getType().toString()));
             found |= hasCustomFilterMatch(schemeKey, scheme);
 
-            scheme.addExtension(X_INTERNAL, !found);
+            return found;
         }
 
         private boolean hasKey(String key) {
diff --git a/modules/openapi-generator/src/test/java/org/openapitools/codegen/OpenAPINormalizerTest.java b/modules/openapi-generator/src/test/java/org/openapitools/codegen/OpenAPINormalizerTest.java
@@ -938,20 +938,16 @@ public void testSecuritySchemesFilter() {
 
         new OpenAPINormalizer(openAPI, options).normalize();
 
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("api_key1").getExtensions().get(X_INTERNAL),
-                false);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("api_key2").getExtensions().get(X_INTERNAL),
-                true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("http1").getExtensions().get(X_INTERNAL), true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("http2").getExtensions().get(X_INTERNAL), true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("mutualTLS1").getExtensions().get(X_INTERNAL), true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("mutualTLS2").getExtensions().get(X_INTERNAL), true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("oauth2_1").getExtensions().get(X_INTERNAL),
-                false);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("oauth2_2").getExtensions().get(X_INTERNAL),
-                false);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("openIdConnect1").getExtensions().get(X_INTERNAL), true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("openIdConnect2").getExtensions().get(X_INTERNAL), true);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("api_key1"), true);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("api_key2"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("http1"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("http2"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("mutualTLS1"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("mutualTLS2"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("oauth2_1"), true);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("oauth2_2"), true);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("openIdConnect1"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("openIdConnect2"), false);
     }
 
     @Test
@@ -964,23 +960,19 @@ public void testSecuritySchemesFilterAndBearerAuthName() {
 
         new OpenAPINormalizer(openAPI, options).normalize();
 
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("api_key1").getExtensions().get(X_INTERNAL),
-                false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("api_key1"), true);
         SecurityScheme scheme = openAPI.getComponents().getSecuritySchemes().get("api_key1");
         assertEquals(scheme.getType(), SecurityScheme.Type.HTTP);
         assertEquals(scheme.getScheme(), "bearer");
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("api_key2").getExtensions().get(X_INTERNAL),
-                true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("http1").getExtensions().get(X_INTERNAL), true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("http2").getExtensions().get(X_INTERNAL), true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("mutualTLS1").getExtensions().get(X_INTERNAL), true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("mutualTLS2").getExtensions().get(X_INTERNAL), true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("oauth2_1").getExtensions().get(X_INTERNAL),
-                true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("oauth2_2").getExtensions().get(X_INTERNAL),
-                true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("openIdConnect1").getExtensions().get(X_INTERNAL), true);
-        assertEquals(openAPI.getComponents().getSecuritySchemes().get("openIdConnect2").getExtensions().get(X_INTERNAL), true);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("api_key2"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("http1"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("http2"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("mutualTLS1"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("mutualTLS2"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("oauth2_1"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("oauth2_2"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("openIdConnect1"), false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().containsKey("openIdConnect2"), false);
     }
 
     @Test

Original file line number	Diff line number	Diff line change
`@@ -627,9 +627,13 @@ protected void normalizeComponentsSecuritySchemes() {`
`627`	`627`	`}`
`628`	`628`	`}`
`629`	`629`
`630`		`- for (String schemeKey : schemes.keySet()) {`
	`630`	`+ Iterator<Map.Entry<String, SecurityScheme>> it = schemes.entrySet().iterator();`
	`631`	`+ while (it.hasNext()) {`
	`632`	`+ Map.Entry<String, SecurityScheme> entry = it.next();`
	`633`	`+ String schemeKey = entry.getKey();`
	`634`	`+ SecurityScheme scheme = entry.getValue();`
	`635`	`+`
`631`	`636`	`if (schemeKey.equals(bearerAuthSecuritySchemeName)) {`
`632`		`- SecurityScheme scheme = schemes.get(schemeKey);`
`633`	`637`	`scheme.setType(SecurityScheme.Type.HTTP);`
`634`	`638`	`scheme.setScheme("bearer");`
`635`	`639`	`scheme.setIn(null);`
`@@ -646,8 +650,10 @@ protected void normalizeComponentsSecuritySchemes() {`
`646`	`650`	`// It may happen that bearer scheme will be filtered out on this step.`
`647`	`651`	`// To keep the scheme - change filter input.`
`648`	`652`	`if (filter != null && filter.hasFilter()) {`
`649`		`- SecurityScheme scheme = schemes.get(schemeKey);`
`650`		`- filter.apply(schemeKey, scheme);`
	`653`	`+ boolean keep = filter.apply(schemeKey, scheme);`
	`654`	`+ if (!keep) {`
	`655`	`+ it.remove();`
	`656`	`+ }`
`651`	`657`	`}`
`652`	`658`	`}`
`653`	`659`	`}`
`@@ -2220,13 +2226,13 @@ protected boolean hasCustomFilterMatch(String schemeKey, SecurityScheme scheme)`
`2220`	`2226`	`return false;`
`2221`	`2227`	`}`
`2222`	`2228`
`2223`		`- public void apply(String schemeKey, SecurityScheme scheme) {`
	`2229`	`+ public boolean apply(String schemeKey, SecurityScheme scheme) {`
`2224`	`2230`	`boolean found = false;`
`2225`	`2231`	`found \|= logIfMatch(KEY, schemeKey, hasKey(schemeKey));`
`2226`	`2232`	`found \|= logIfMatch(TYPE, schemeKey, hasType(scheme.getType().toString()));`
`2227`	`2233`	`found \|= hasCustomFilterMatch(schemeKey, scheme);`
`2228`	`2234`
`2229`		`- scheme.addExtension(X_INTERNAL, !found);`
	`2235`	`+ return found;`
`2230`	`2236`	`}`
`2231`	`2237`
`2232`	`2238`	`private boolean hasKey(String key) {`