OpenAPI document endpoints#3689
Open
joemahady-comm wants to merge 13 commits intocloudfoundry:developfrom
Open
OpenAPI document endpoints#3689joemahady-comm wants to merge 13 commits intocloudfoundry:developfrom
joemahady-comm wants to merge 13 commits intocloudfoundry:developfrom
Conversation
cf-foundation-community-automation
bot
moved this to Inbox
in Foundational Infrastructure Working Group
fhanik
reviewed
Feb 2, 2026
uaa/src/main/java/org/cloudfoundry/identity/uaa/OpenApiConfiguration.java
Outdated
Show resolved
Hide resolved
uaa/src/main/java/org/cloudfoundry/identity/uaa/OpenApiConfiguration.java
Outdated
Show resolved
Hide resolved
fhanik
changed the title
duanemay
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request adds OpenAPI 3.0 documentation support to the UAA server using springdoc-openapi library. It enables interactive API documentation through Swagger UI, making it easier for developers to understand and test UAA endpoints.
Changes:
- Added springdoc-openapi library dependency (version 2.7.0) to support OpenAPI documentation generation
- Created OpenApiConfiguration class to define API metadata, security schemes, and server information
- Configured springdoc endpoints in uaa.yml for API docs and Swagger UI access
- Added OpenAPI documentation endpoints to the security filter whitelist to make them publicly accessible
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| dependencies.gradle | Adds springdoc-openapi-starter-webmvc-ui:2.7.0 library definition |
| uaa/build.gradle | Includes springdoc-openapi dependency in the uaa module |
| server/build.gradle | Includes springdoc-openapi dependency in the server module |
| uaa/src/main/java/org/cloudfoundry/identity/uaa/OpenApiConfiguration.java | Configures OpenAPI 3.0 metadata, including API info, contact details, license, and OAuth2 security scheme |
| uaa/src/main/resources/uaa.yml | Configures springdoc endpoints for API docs (/v3/api-docs) and Swagger UI (/swagger-ui.html) with sorting and display options |
| server/src/main/java/org/cloudfoundry/identity/uaa/SpringServletXmlSecurityConfiguration.java | Whitelists OpenAPI documentation endpoints to allow public access without authentication |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
uaa/src/main/java/org/cloudfoundry/identity/uaa/OpenApiConfiguration.java
Outdated
Show resolved
Hide resolved
uaa/src/main/java/org/cloudfoundry/identity/uaa/OpenApiConfiguration.java
Show resolved
Hide resolved
server/src/main/java/org/cloudfoundry/identity/uaa/SpringServletXmlSecurityConfiguration.java
Show resolved
Hide resolved
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated no new comments.
Comments suppressed due to low confidence (6)
server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/UaaConfiguration.java:121
springdocis declared without@Valid, while most other top-level map-based config sections in this class are annotated with@Valid. Consider adding@Validhere (or adding a short comment explaining why validation is intentionally skipped) to keep the configuration model consistent.
public RateLimit ratelimit;
public Map<String, Object> springdoc;
uaa/build.gradle:66
springdocOpenapiis being added as animplementationdependency here, but it is also added inserver/build.gradle. Sinceuaaalready depends on:cloudfoundry-identity-server, consider declaring this dependency in only one place to avoid redundant transitive deps and a larger final artifact.
implementation(libraries.braveInstrumentation)
implementation(libraries.braveContextSlf4j)
// OpenAPI documentation
implementation(libraries.springdocOpenapi)
implementation(libraries.springWeb)
server/build.gradle:41
springdocOpenapiis added here and also inuaa/build.gradle. Sinceuaadepends on this module, keeping the dependency in both places is likely redundant; consider consolidating it into a single module (preferably where the feature is actually used) to reduce duplication and clarify ownership.
implementation(libraries.guava)
// OpenAPI documentation
implementation(libraries.springdocOpenapi)
implementation(libraries.aspectJRt)
server/src/main/java/org/cloudfoundry/identity/uaa/SpringServletXmlSecurityConfiguration.java:75
noSecurityEndpointsnow includes the Springdoc OpenAPI/Swagger UI routes, which makes these documentation endpoints accessible without authentication. If the intent is to restrict API docs in production, consider moving these matchers out of the permit-all chain (or gating them behind a config flag/profile) so they can be disabled/secured when needed.
// OpenAPI documentation endpoints
"/v3/api-docs/**",
"/v3/api-docs",
"/v3/api-docs.yaml",
"/swagger-ui/**",
"/swagger-ui.html",
server/src/main/java/org/cloudfoundry/identity/uaa/SpringServletXmlSecurityConfiguration.java:73
- There is trailing whitespace after the string literal delimiter here (
"/v3/api-docs",). Please remove the trailing spaces to avoid failing whitespace/style checks and to keep diffs clean.
"/v3/api-docs",
"/v3/api-docs.yaml",
uaa/src/main/resources/uaa.yml:606
springdocis added as a top-level YAML section, and this file setsspringdoc.api-docs.enabledandspringdoc.swagger-ui.enabledtotrueby default. Ifuaa.ymlis used as a baseline config for non-dev deployments, consider defaulting these tofalse(or placing them under a dev/profile-specific config) to avoid exposing docs endpoints unexpectedly.
springdoc:
api-docs:
enabled: true
path: /v3/api-docs
resolve-schema-properties: true
swagger-ui:
enabled: true
path: /swagger-ui.html
url: /v3/api-docs
disable-swagger-default-url: true
try-it-out-enabled: true
tags-sorter: alpha
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
duanemay
approved these changes
Mar 3, 2026
github-project-automation
bot
moved this from Inbox
to Pending Merge | Prioritized
in Foundational Infrastructure Working Group
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Draft pull request testing the generation of OpenAPI document endpoints.