SecurityContext#securityForOperation unexpected behaviour if using only operationSelector · Issue #3361 · springfox/springfox · GitHub
SecurityContext#securityForOperation unexpected behaviour if using only operationSelector #3361
Closed
@Aitor1405


Hi,

I'm new to opening issues but I would like to help this project as it is saving me a lot of time, thanks a lot for all the work!

I have read the submitting issues guidelines and searched for opened/closed issues about this and did not find anything. It is still on master and it is causing what I think is a reasonable unexpected behavior. I'm seeing this while using io.springfox:springfox-boot-starter:3.0.0-20200628.175806-24 dependency.

As the path and method selectors are deprecated in favor of the 'operation' one, it is supposed to get rid of these and use the operationSelector only. When this situation is met, the 'path' and 'method' selectors are set to (each) -> true and this is causing the SecurityContext#securityForOperation method to return the securityReferences even if it is not meant to:


if (methodSelector == null) {
    methodSelector = (each) -> true;
}

On the SecurityContext#securityForOperation method, it is checked if the operationSelector is null and also if it gives true to return the securityReferences. If the operationSelector is not null but it gives false when tested, I think this is because it is intended to not return any securityReferences but, instead, the old deprecated path and method selectors are checked, which were set to (each) -> true and so the securityReferences are being returned:

public List<SecurityReference> securityForOperation(OperationContext operationContext) {
    if (operationSelector != null && operationSelector.test(operationContext)) {
        return securityReferences;
    }
    if (selector.test(operationContext.requestMappingPattern())
            && methodSelector.test(operationContext.httpMethod())) {
        return securityReferences;
    }
    return new ArrayList<>();
}

I think that SecurityContext#securityForOperation method should check the deprecated path and method selectors only if the operation one is null.
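
The fall-through reported above, next to the proposed check, as an added stand-alone example (not part of the original issue and not springfox code). `SelectorDemo`, `Op`, the `/admin` selector and the `bearerAuth` reference are assumptions made for illustration.

```java
import java.util.List;
import java.util.function.Predicate;

// Stand-alone model of the selector logic; Op and SelectorDemo are hypothetical
// stand-ins, not springfox classes.
public class SelectorDemo {
    // Minimal substitute for OperationContext: just a path and an HTTP method.
    static final class Op {
        final String path, method;
        Op(String path, String method) { this.path = path; this.method = method; }
    }

    static final List<String> REFS = List.of("bearerAuth"); // constructed sample reference

    // Defaults applied when only operationSelector is configured, as quoted in the issue.
    static final Predicate<String> PATH = each -> true;
    static final Predicate<String> METHOD = each -> true;

    // Behaviour described in the issue: a false operationSelector falls through
    // to the always-true deprecated selectors.
    static List<String> current(Predicate<Op> operationSelector, Op op) {
        if (operationSelector != null && operationSelector.test(op)) {
            return REFS;
        }
        if (PATH.test(op.path) && METHOD.test(op.method)) {
            return REFS;
        }
        return List.of();
    }

    // Change proposed in the issue: consult the deprecated selectors only when
    // no operationSelector was configured.
    static List<String> proposed(Predicate<Op> operationSelector, Op op) {
        if (operationSelector != null) {
            return operationSelector.test(op) ? REFS : List.of();
        }
        return PATH.test(op.path) && METHOD.test(op.method) ? REFS : List.of();
    }

    public static void main(String[] args) {
        Predicate<Op> onlyAdmin = op -> op.path.startsWith("/admin"); // constructed selector
        Op pub = new Op("/public/health", "GET");
        Op admin = new Op("/admin/users", "GET");
        System.out.println("current  /public -> " + current(onlyAdmin, pub));
        System.out.println("proposed /public -> " + proposed(onlyAdmin, pub));
        System.out.println("current  /admin  -> " + current(onlyAdmin, admin));
        System.out.println("proposed /admin  -> " + proposed(onlyAdmin, admin));
    }
}
```

With the current logic the security reference is attached to every operation, so the generated documentation cannot distinguish operations the selector excluded from those it matched.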
