Name collision in api spec possible for colliding supertype names

[tbvh]

In a project where we use polymorphism quite a lot we identified that supertypes with a shared name might collide. The api spec output is therefore incorrect. Instead of producing an incorrect swagger spec there should be an error raised.

The issue arises when there exist two (or more) type hierarchies with a common supertype name and the supertypes are annotated with @JsonSubTypes. The resulting model uses the allOf construct to specify the inherited properties. Where the schema is wrong is that only one of the supertype definitions is included. Subtypes of the other (not included) supertype reference the incorrect spec by name, while still referencing the supposed inherited properties (e.g. in the 'required' list).

For example, the supertype and subtype mismatch in the schema can look like this, Foo extends from the CollidingBase shown, but Bar has actually a different CollidingBase supertype:

  "components": {
    "schemas": {
      "CollidingBase": {
        "required": [
          "fooBase"
        ],
        "type": "object",
        "properties": {
          "fooBase": {
            "type": "string"
          }
        }
      },
      "Bar": {
        "required": [
          "bar",
          "barBase"
        ],
        "type": "object",
        "allOf": [
          {
            "$ref": "#/components/schemas/CollidingBase"
          },
          {
            "type": "object",
            "properties": {
              "bar": {
                "type": "string"
              }
            }
          }
        ]
      },

Versions: io.swagger.core.v3 » swagger-core-jakarta 2.2.21 via: org.springdoc:springdoc-openapi-starter-webmvc-ui version 2.5.0 org.springframework.boot version "3.3.0"

Example repository here: https://github.com/tbvh/springdoc-collision-demo (the full spec output is included in the repository)