From 7897a73a31fe5b139521f2d0d290a118fed5cf86 Mon Sep 17 00:00:00 2001
From: Vincent BOUSSAUD <vincent.boussaud@obeo.fr>
Date: Tue, 13 Jan 2026 12:11:32 +0100
Subject: [PATCH 1/2] [SAFRAN-1242] Add capacity to load global security rule
 on all operations

---
 .../soa/gen/swagger/SoaComponentBuilder.java  | 56 ++++++++++++-------
 1 file changed, 37 insertions(+), 19 deletions(-)

diff --git a/addons/swagger/plugins/org.obeonetwork.dsl.soa.gen.swagger/src/org/obeonetwork/dsl/soa/gen/swagger/SoaComponentBuilder.java b/addons/swagger/plugins/org.obeonetwork.dsl.soa.gen.swagger/src/org/obeonetwork/dsl/soa/gen/swagger/SoaComponentBuilder.java
index bac591c5c..dc0fbcb75 100644
--- a/addons/swagger/plugins/org.obeonetwork.dsl.soa.gen.swagger/src/org/obeonetwork/dsl/soa/gen/swagger/SoaComponentBuilder.java
+++ b/addons/swagger/plugins/org.obeonetwork.dsl.soa.gen.swagger/src/org/obeonetwork/dsl/soa/gen/swagger/SoaComponentBuilder.java
@@ -248,7 +248,7 @@ private Component createSoaComponent() {
 		inlineTypes = new HashMap<>();
 
 		buildSoaSecuritySchemes();
-
+		
 		buildSoaExposedTypes();
 
 		buildSoaServices();
@@ -821,6 +821,16 @@ private void buildSoaOperations() {
 		}
 	}
 
+	/**
+	 * Create soa operation from swagger service
+	 * 
+	 * @param path
+	 * @param swgVerb
+	 * @param swgOperation
+	 * @param debugPath
+	 * @param globalSecuritySchemes - global security scheme apply on the whole swagger
+	 * @return the created operation
+	 */
 	private org.obeonetwork.dsl.soa.Operation createSoaOperation(String path, HttpMethod swgVerb, Operation swgOperation, List<String> debugPath) {
 		Service soaService = getSoaServiceFromPath(path);
 		Interface soaInterface = getOrCreateInterface(soaService);
@@ -884,27 +894,35 @@ private org.obeonetwork.dsl.soa.Operation createSoaOperation(String path, HttpMe
 			}
 		}
 
-		if (swgOperation.getSecurity() != null) {
-			for (SecurityRequirement swgSecurityRequirement : swgOperation.getSecurity()) {
+		final List<SecurityRequirement> securitySchemeForOp = swgOperation.getSecurity();
+		final List<SecurityRequirement> globalDeclaredSecurity = openApi.getSecurity();
+		// check if security behavior has been added to the operation in the swagger
+		Set<SecurityRequirement> allSecurityRequirement = new HashSet<>();
+		if (securitySchemeForOp != null) {
+			allSecurityRequirement.addAll(securitySchemeForOp);
+		}
+		if (globalDeclaredSecurity != null) {
+			allSecurityRequirement.addAll(globalDeclaredSecurity);
+		}
+		for (SecurityRequirement swgSecurityRequirement : allSecurityRequirement) {
 
-				if (!swgSecurityRequirement.keySet().isEmpty()) {
-					String ssKey = swgSecurityRequirement.keySet().iterator().next();
+			if (!swgSecurityRequirement.keySet().isEmpty()) {
+				String ssKey = swgSecurityRequirement.keySet().iterator().next();
 
-					for (org.obeonetwork.dsl.soa.SecurityScheme securityScheme : soaComponent.getSecuritySchemes().stream()//
-							.filter(ss -> ssKey.equals(ss.getName()))//
-							.collect(toList())) {
-						SecurityApplication soaSecurityApplication = SoaFactory.eINSTANCE.createSecurityApplication();
-						soaSecurityApplication.setSecurityScheme(securityScheme);
-						soaOperation.getSecurityApplications().add(soaSecurityApplication);
+				for (org.obeonetwork.dsl.soa.SecurityScheme securityScheme : soaComponent.getSecuritySchemes().stream()//
+						.filter(ss -> ssKey.equals(ss.getName()))//
+						.toList()) {
+					SecurityApplication soaSecurityApplication = SoaFactory.eINSTANCE.createSecurityApplication();
+					soaSecurityApplication.setSecurityScheme(securityScheme);
+					soaOperation.getSecurityApplications().add(soaSecurityApplication);
 
-						List<String> scopeNames = swgSecurityRequirement.get(ssKey);
-						if (scopeNames != null) {
-							for (String scopeName : scopeNames) {
-								List<Scope> soaScopes = securityScheme.getFlows().stream()//
-										.flatMap(f -> f.getScopes().stream()).filter(s -> s.getName().equals(scopeName))//
-										.collect(toList());
-								soaSecurityApplication.getScopes().addAll(soaScopes);
-							}
+					List<String> scopeNames = swgSecurityRequirement.get(ssKey);
+					if (scopeNames != null) {
+						for (String scopeName : scopeNames) {
+							List<Scope> soaScopes = securityScheme.getFlows().stream()//
+									.flatMap(f -> f.getScopes().stream()).filter(s -> s.getName().equals(scopeName))//
+									.collect(toList());
+							soaSecurityApplication.getScopes().addAll(soaScopes);
 						}
 					}
 				}

From 97b991005f572333cbc989e55c7afa2c2254f2db Mon Sep 17 00:00:00 2001
From: Vincent BOUSSAUD <vincent.boussaud@obeo.fr>
Date: Tue, 13 Jan 2026 14:54:07 +0100
Subject: [PATCH 2/2] [SAFRAN-1242] add global security rule in export

if a security rule is operational on all soa operations, it make it
global in the export
---
 .../dsl/soa/gen/swagger/SwaggerBuilder.java   | 37 +++++++++++++++++--
 1 file changed, 33 insertions(+), 4 deletions(-)

diff --git a/addons/swagger/plugins/org.obeonetwork.dsl.soa.gen.swagger/src/org/obeonetwork/dsl/soa/gen/swagger/SwaggerBuilder.java b/addons/swagger/plugins/org.obeonetwork.dsl.soa.gen.swagger/src/org/obeonetwork/dsl/soa/gen/swagger/SwaggerBuilder.java
index f563863c3..61174a242 100644
--- a/addons/swagger/plugins/org.obeonetwork.dsl.soa.gen.swagger/src/org/obeonetwork/dsl/soa/gen/swagger/SwaggerBuilder.java
+++ b/addons/swagger/plugins/org.obeonetwork.dsl.soa.gen.swagger/src/org/obeonetwork/dsl/soa/gen/swagger/SwaggerBuilder.java
@@ -44,6 +44,7 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 import org.eclipse.core.runtime.IStatus;
 import org.eclipse.emf.common.util.EList;
@@ -67,6 +68,7 @@
 import org.obeonetwork.dsl.soa.Information;
 import org.obeonetwork.dsl.soa.ParameterPassingMode;
 import org.obeonetwork.dsl.soa.Scope;
+import org.obeonetwork.dsl.soa.SecurityApplication;
 import org.obeonetwork.dsl.soa.SecuritySchemeType;
 import org.obeonetwork.dsl.soa.Service;
 import org.obeonetwork.dsl.soa.gen.swagger.utils.ComponentGenUtil;
@@ -166,6 +168,7 @@ private OpenAPI createOpenAPI() {
 		buildTags();
 		buildSecuritySchemes();
 		buildSchemas();
+		buildGlobalSecurity();
 		buildPaths();
 
 		return openApi;
@@ -207,6 +210,29 @@ private Tag createTag(Service soaService) {
 
 		return tag;
 	}
+	
+	/**
+	 * fill the global security rule if a rule is apply on all operations
+	 */
+	private void buildGlobalSecurity() {
+		List<org.obeonetwork.dsl.soa.Operation> restOperations = soaComponent.getProvidedServices().stream()
+				.map(soaService -> soaService.getOwnedInterface()).filter(itf -> itf != null)
+				.flatMap(itf -> itf.getOwnedOperations().stream()).filter(o -> o.getExposition() == ExpositionKind.REST)
+				.toList();
+		if (restOperations != null && !restOperations.isEmpty()) {
+			// we use the first operation as a lighter list of cases to analyze
+			for (SecurityApplication securityApplication : restOperations.get(0).getAllSecurityApplications()) {
+				if (restOperations.stream().allMatch(
+						ope -> ope.getAllSecurityApplications().stream().anyMatch(securityApp -> securityApplication
+								.getSecurityScheme().getName().equals(securityApp.getSecurityScheme().getName())))) {
+					SecurityRequirement swgSecurityRequirement = new SecurityRequirement();
+					swgSecurityRequirement.addList(securityApplication.getSecurityScheme().getName(),
+							securityApplication.getScopes().stream().map(Scope::getName).toList());
+					openApi.addSecurityItem(swgSecurityRequirement);
+				}
+			}
+		}
+	}
 
 	private void buildSecuritySchemes() {
 		soaComponent.getSecuritySchemes().forEach(soaSecurityScheme -> { 
@@ -910,10 +936,13 @@ private Operation createOperation(org.obeonetwork.dsl.soa.Operation soaOperation
 		for (org.obeonetwork.dsl.soa.SecurityApplication soaSecurityApplication : soaOperation
 				.getAllSecurityApplications()) {
 			org.obeonetwork.dsl.soa.SecurityScheme soaSecurityScheme = soaSecurityApplication.getSecurityScheme();
-			SecurityRequirement swgSecurityRequirement = new SecurityRequirement();
-			swgSecurityRequirement.addList(soaSecurityScheme.getName(),
-					soaSecurityApplication.getScopes().stream().map(Scope::getName).collect(toList()));
-			swgOperation.addSecurityItem(swgSecurityRequirement);
+			// security item is create for the operation if it doesn't already exist in global security
+			if (!openApi.getSecurity().stream().anyMatch(globalSecurity -> globalSecurity.containsKey(soaSecurityScheme.getName()))) {
+				SecurityRequirement swgSecurityRequirement = new SecurityRequirement();
+				swgSecurityRequirement.addList(soaSecurityScheme.getName(),
+						soaSecurityApplication.getScopes().stream().map(Scope::getName).collect(toList()));
+				swgOperation.addSecurityItem(swgSecurityRequirement);
+			}
 		}
 
 		addPropertiesExtensionsFromSoaToSwg(soaOperation, swgOperation);