return new Method(this.httpMethod,, path, parameters, responseMessages, summary, notes, returnTypeName, returnTypeItemsRef,
returnTypeItemsType, consumes, produces, authorizations, deprecated);
private OperationAuthorizations generateAuthorizations() {
OperationAuthorizations authorizations = null;
// build map of scopes from the api auth
Map<String, Oauth2Scope> apiScopes = new HashMap<String, Oauth2Scope>();
if (this.options.getApiAuthorizations() != null && this.options.getApiAuthorizations().getOauth2() != null
&& this.options.getApiAuthorizations().getOauth2().getScopes() != null) {
List<Oauth2Scope> scopes = this.options.getApiAuthorizations().getOauth2().getScopes();
if (scopes != null) {
for (Oauth2Scope scope : scopes) {
apiScopes.put(scope.getScope(), scope);
// see if method has a tag that implies there is no authentication
// in this case set the authentication object to {} to indicate we override
// at the operation level
// a) if method has an explicit unauth tag
if (ParserHelper.hasTag(this.methodDoc, this.options.getUnauthOperationTags())) {
authorizations = new OperationAuthorizations();
} else {
// otherwise if method has scope tags then add those to indicate method requires scope
List<String> scopeValues = ParserHelper.getTagValues(this.methodDoc, this.options.getOperationScopeTags());
if (scopeValues != null) {
List<Oauth2Scope> oauth2Scopes = new ArrayList<Oauth2Scope>();
for (String scopeVal : scopeValues) {
Oauth2Scope apiScope = apiScopes.get(scopeVal);
if (apiScope == null) {
throw new IllegalStateException("The scope: " + scopeVal + " was referenced in the method: " + this.methodDoc
+ " but this scope was not part of the API service.json level authorization object.");
authorizations = new OperationAuthorizations(oauth2Scopes);
// if not scopes see if its auth and whether we need to add default scope to it
if (scopeValues == null || scopeValues.isEmpty()) {
// b) if method has an auth tag that starts with one of the known values that indicates whether auth required.
String authSpec = ParserHelper.getTagValue(this.methodDoc, this.options.getAuthOperationTags());
if (authSpec != null) {
boolean unauthFound = false;
for (String unauthValue : this.options.getUnauthOperationTagValues()) {
if (authSpec.toLowerCase().startsWith(unauthValue.toLowerCase())) {
authorizations = new OperationAuthorizations();
unauthFound = true;
if (!unauthFound) {
// its deemed to require authentication, however there is no explicit scope so we need to use
// the default scopes
List<String> defaultScopes = this.options.getAuthOperationScopes();
if (defaultScopes != null && !defaultScopes.isEmpty()) {
List<Oauth2Scope> oauth2Scopes = new ArrayList<Oauth2Scope>();
for (String scopeVal : defaultScopes) {
Oauth2Scope apiScope = apiScopes.get(scopeVal);
if (apiScope == null) {
throw new IllegalStateException("The default scope: " + scopeVal + " needed for the authorized method: " + this.methodDoc
+ " was not part of the API service.json level authorization object.");
authorizations = new OperationAuthorizations(oauth2Scopes);