diff --git a/modules/swagger-parser-v3/src/test/java/io/swagger/v3/parser/util/OpenAPIDeserializerTest.java b/modules/swagger-parser-v3/src/test/java/io/swagger/v3/parser/util/OpenAPIDeserializerTest.java index 965b6d4865..e72f0fd70f 100644 --- a/modules/swagger-parser-v3/src/test/java/io/swagger/v3/parser/util/OpenAPIDeserializerTest.java +++ b/modules/swagger-parser-v3/src/test/java/io/swagger/v3/parser/util/OpenAPIDeserializerTest.java @@ -3364,6 +3364,42 @@ public void readEmptySecurityRequirement() throws Exception { assertEquals(openAPI.getSecurity().size(), 4); } + @Test + public void readOperationSecurityWithAnonymousAlternative() { + final String yaml = "openapi: 3.0.3\n" + + "info:\n" + + " title: Security alternatives\n" + + " version: 1.0.0\n" + + "paths:\n" + + " /search:\n" + + " get:\n" + + " security:\n" + + " - {}\n" + + " - ApiKeyAuth: []\n" + + " responses:\n" + + " '200':\n" + + " description: ok\n" + + "components:\n" + + " securitySchemes:\n" + + " ApiKeyAuth:\n" + + " type: apiKey\n" + + " in: header\n" + + " name: X-API-Key\n"; + + final SwaggerParseResult result = new OpenAPIV3Parser().readContents(yaml, null, null); + + assertNotNull(result.getOpenAPI()); + assertTrue(result.getMessages().isEmpty(), result.getMessages().toString()); + + final Operation operation = result.getOpenAPI().getPaths().get("/search").getGet(); + final List security = operation.getSecurity(); + + assertEquals(security.size(), 2); + assertTrue(security.get(0).isEmpty()); + assertTrue(security.get(1).containsKey("ApiKeyAuth")); + assertTrue(security.get(1).get("ApiKeyAuth").isEmpty()); + } + @Test public void readEmptyServerObject() throws Exception { final ObjectMapper mapper = new ObjectMapper(new YAMLFactory());