@@ -26,14 +26,22 @@ public class SecuritySchemeValidator extends ObjectValidatorBase<SecurityScheme>
2626 public void validateObject (SecurityScheme securityScheme , ValidationResults results ) {
2727 // no validation for: description, bearerFormat
2828 validateString (securityScheme .getType (), results , true , "apiKey|http|oauth2|openIdConnect" , "type" );
29- validateString (securityScheme .getName (), results , true , "name" );
30- validateString (securityScheme .getIn (), results , true , "query|header" , "in" );
31- // TODO Q: Spec says 'flow' is required, but it's just a map of OAuthFlow objects, none of which is noted as
32- // required. What's the real requirement here? Is anything required if type != oauth2
33- validateField (securityScheme .getImplicitOAuthFlow (), results , false , "flow.implicit" , oauthFlowValidator );
34- validateExtensions (securityScheme .getOAuthFlowsExtensions (), results , "flow" );
35- // TODO Q: is this really required if type != openIdConnect?
36- validateUrl (securityScheme .getOpenIdConnectUrl (), results , true , "openIdConnectUrl" );
29+ switch (securityScheme .getType ()) {
30+ case "http" :
31+ // If bearer validate bearerFormat
32+ break ;
33+ case "apiKey" :
34+ validateString (securityScheme .getName (), results , true , "name" );
35+ validateString (securityScheme .getIn (), results , true , "query|header" , "in" );
36+ break ;
37+ case "oauth2" :
38+ validateField (securityScheme .getImplicitOAuthFlow (), results , false , "flow.implicit" , oauthFlowValidator );
39+ validateExtensions (securityScheme .getOAuthFlowsExtensions (), results , "flow" );
40+ break ;
41+ case "openIdConnect" :
42+ validateUrl (securityScheme .getOpenIdConnectUrl (), results , true , "openIdConnectUrl" );
43+ break ;
44+ }
3745 validateExtensions (securityScheme .getExtensions (), results );
3846 }
3947
0 commit comments