[jaxrs-spec][quarkus] Add useQuarkusSecurityAnnotations CLI flag to opt into security annotation emission

Introduces a new `useQuarkusSecurityAnnotations` boolean generator option (default false,
quarkus library only) that gates emission of security annotations (@authenticated and, in
future PRs, @RolesAllowed and @permitAll). Without the flag the generator behaviour is
unchanged; users who manage auth via application.properties can leave it unset.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: Ignacio-Vidal

modules/openapi-generator/src/main/java/org/openapitools/codegen/languages/JavaJAXRSSpecServerCodegen.java

@@ -53,6 +53,7 @@ public class JavaJAXRSSpecServerCodegen extends AbstractJavaJAXRSServerCodegen {
     public static final String USE_MUTINY = "useMutiny";
     public static final String OPEN_API_SPEC_FILE_LOCATION = "openApiSpecFileLocation";
     public static final String GENERATE_JSON_CREATOR = "generateJsonCreator";
+    public static final String USE_QUARKUS_SECURITY_ANNOTATIONS = "useQuarkusSecurityAnnotations";
 
     public static final String QUARKUS_LIBRARY = "quarkus";
     public static final String THORNTAIL_LIBRARY = "thorntail";
@@ -68,6 +69,7 @@ public class JavaJAXRSSpecServerCodegen extends AbstractJavaJAXRSServerCodegen {
     private boolean useSwaggerV3Annotations = false;
     private boolean useMicroProfileOpenAPIAnnotations = false;
     private boolean useMutiny = false;
+    private boolean useQuarkusSecurityAnnotations = false;
 
     @Getter @Setter
     protected boolean generateJsonCreator = true;
@@ -147,6 +149,7 @@ public JavaJAXRSSpecServerCodegen() {
         cliOptions.add(CliOption.newString(OPEN_API_SPEC_FILE_LOCATION, "Location where the file containing the spec will be generated in the output folder. No file generated when set to null or empty string."));
         cliOptions.add(CliOption.newBoolean(SUPPORT_ASYNC, "Wrap responses in CompletionStage type, allowing asynchronous computation (requires JAX-RS 2.1).", supportAsync));
         cliOptions.add(CliOption.newBoolean(USE_MUTINY, "Whether to use Smallrye Mutiny instead of CompletionStage for asynchronous computation. Only valid when library is set to quarkus.", useMutiny));
+        cliOptions.add(CliOption.newBoolean(USE_QUARKUS_SECURITY_ANNOTATIONS, "Whether to generate Quarkus security annotations (@Authenticated, @RolesAllowed, @PermitAll). Only valid when library is set to quarkus.", useQuarkusSecurityAnnotations));
         cliOptions.add(CliOption.newBoolean(GENERATE_JSON_CREATOR, "Whether to generate @JsonCreator constructor for required properties.", generateJsonCreator));
     }
 
@@ -189,6 +192,10 @@ public void processOpts() {
             convertPropertyToBooleanAndWriteBack(USE_MUTINY, value -> useMutiny = value);
         }
 
+        if (QUARKUS_LIBRARY.equals(library)) {
+            convertPropertyToBooleanAndWriteBack(USE_QUARKUS_SECURITY_ANNOTATIONS, value -> useQuarkusSecurityAnnotations = value);
+        }
+
         convertPropertyToBooleanAndWriteBack(GENERATE_JSON_CREATOR, this::setGenerateJsonCreator);
 
         if (additionalProperties.containsKey(OPEN_API_SPEC_FILE_LOCATION)) {
@@ -360,9 +367,9 @@ public OperationsMap postProcessOperationsWithModels(OperationsMap objs, List<Mo
                 additionalProperties.put("hasResponseStatusAnnotations", true);
             }
         }
-        if (QUARKUS_LIBRARY.equals(getLibrary())) {
+        if (useQuarkusSecurityAnnotations && QUARKUS_LIBRARY.equals(getLibrary())) {
             for (CodegenOperation op : objs.getOperations().getOperation()) {
-                if (shouldAddAuthenticatedAnnotation(op)){
+                if (shouldAddAuthenticatedAnnotation(op)) {
                     op.vendorExtensions.put("x-quarkus-authenticated", true);
                 }
             }

modules/openapi-generator/src/test/java/org/openapitools/codegen/java/jaxrs/JavaJAXRSSpecServerCodegenTest.java

@@ -1581,6 +1581,7 @@ public void quarkusEmitsAuthenticatedAnnotationForOAuth2(String specPath, boolea
         codegen.setLibrary(QUARKUS_LIBRARY);
         codegen.additionalProperties().put(INTERFACE_ONLY, interfaceOnly);
         codegen.additionalProperties().put(USE_JAKARTA_EE, true);
+        codegen.additionalProperties().put(USE_QUARKUS_SECURITY_ANNOTATIONS, true);
 
         final ClientOptInput input = new ClientOptInput()
                 .openAPI(openAPI)
@@ -1620,6 +1621,7 @@ public void quarkusEmitsAuthenticatedAnnotationForHttpBasic(boolean interfaceOnl
         codegen.setLibrary(QUARKUS_LIBRARY);
         codegen.additionalProperties().put(INTERFACE_ONLY, interfaceOnly);
         codegen.additionalProperties().put(USE_JAKARTA_EE, true);
+        codegen.additionalProperties().put(USE_QUARKUS_SECURITY_ANNOTATIONS, true);
 
         final DefaultGenerator generator = new DefaultGenerator();
         final List<File> files = generator.opts(new ClientOptInput().openAPI(openAPI).config(codegen)).generate();
@@ -1655,6 +1657,7 @@ public void quarkusEmitsAuthenticatedAnnotationForHttpBearer(boolean interfaceOn
         codegen.setLibrary(QUARKUS_LIBRARY);
         codegen.additionalProperties().put(INTERFACE_ONLY, interfaceOnly);
         codegen.additionalProperties().put(USE_JAKARTA_EE, true);
+        codegen.additionalProperties().put(USE_QUARKUS_SECURITY_ANNOTATIONS, true);
 
         final DefaultGenerator generator = new DefaultGenerator();
         final List<File> files = generator.opts(new ClientOptInput().openAPI(openAPI).config(codegen)).generate();
@@ -1690,6 +1693,7 @@ public void quarkusEmitsAuthenticatedAnnotationForApiKey(boolean interfaceOnly)
         codegen.setLibrary(QUARKUS_LIBRARY);
         codegen.additionalProperties().put(INTERFACE_ONLY, interfaceOnly);
         codegen.additionalProperties().put(USE_JAKARTA_EE, true);
+        codegen.additionalProperties().put(USE_QUARKUS_SECURITY_ANNOTATIONS, true);
 
         final DefaultGenerator generator = new DefaultGenerator();
         final List<File> files = generator.opts(new ClientOptInput().openAPI(openAPI).config(codegen)).generate();
@@ -1730,6 +1734,7 @@ public void quarkusEmitsAuthenticatedAnnotationForOpenIdConnect(String specPath,
         codegen.setLibrary(QUARKUS_LIBRARY);
         codegen.additionalProperties().put(INTERFACE_ONLY, interfaceOnly);
         codegen.additionalProperties().put(USE_JAKARTA_EE, true);
+        codegen.additionalProperties().put(USE_QUARKUS_SECURITY_ANNOTATIONS, true);
 
         final DefaultGenerator generator = new DefaultGenerator();
         final List<File> files = generator.opts(new ClientOptInput().openAPI(openAPI).config(codegen)).generate();
@@ -1740,4 +1745,26 @@ public void quarkusEmitsAuthenticatedAnnotationForOpenIdConnect(String specPath,
         final String content = Files.readString(output.toPath().resolve("src/gen/java/org/openapitools/api/ItemsApi.java"));
         Assert.assertEquals(TestUtils.countOccurrences(content, "@io\\.quarkus\\.security\\.Authenticated"), expectedCount);
     }
+
+    @Test
+    public void quarkusDoesNotEmitAuthenticatedWhenSecurityAnnotationsDisabled() throws Exception {
+        final File output = Files.createTempDirectory("test").toFile().getCanonicalFile();
+        output.deleteOnExit();
+
+        final OpenAPI openAPI = new OpenAPIParser()
+                .readLocation("src/test/resources/3_0/jaxrs-spec/quarkus-oauth2-no-scopes.yaml",
+                        null, new ParseOptions()).getOpenAPI();
+
+        codegen.setOutputDir(output.getAbsolutePath());
+        codegen.setLibrary(QUARKUS_LIBRARY);
+        codegen.additionalProperties().put(INTERFACE_ONLY, true);
+        codegen.additionalProperties().put(USE_JAKARTA_EE, true);
+        // useQuarkusSecurityAnnotations intentionally NOT set (defaults to false)
+
+        final DefaultGenerator generator = new DefaultGenerator();
+        generator.opts(new ClientOptInput().openAPI(openAPI).config(codegen)).generate();
+
+        final String content = Files.readString(output.toPath().resolve("src/gen/java/org/openapitools/api/ItemsApi.java"));
+        Assert.assertEquals(TestUtils.countOccurrences(content, "@io\\.quarkus\\.security\\.Authenticated"), 0);
+    }
 }