apache
diff --git a/‎nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java
+28-39 b/‎nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java
+28-39
diff --git a/‎nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
+13-20 b/‎nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
+13-20
diff --git a/‎nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java
+24-31 b/‎nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java
+24-31
@@ -16,14 +16,11 @@
  */
 package org.apache.nifi.web.api;
 
-import java.net.URI;
-
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
-import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.ws.rs.Consumes;
@@ -60,6 +57,8 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 
+import java.net.URI;
+
 /**
  * RESTful endpoint for managing access policies.
  */
@@ -120,18 +119,16 @@ public AccessPolicyEntity populateRemainingAccessPolicyEntityContent(AccessPolic
                     + "have permissions to that policy, the response will not include the policy and the permissions in the response "
                     + "will be marked accordingly. If the client does not have permissions to the policy of the desired action and resource "
                     + "a 403 response will be returned.",
-            responses = @ApiResponse(content = @Content(schema = @Schema(implementation = AccessPolicyEntity.class))),
-            security = {
-                    @SecurityRequirement(name = "Read - /policies/{resource}")
-            }
-    )
-    @ApiResponses(
-            value = {
+            responses = {
+                    @ApiResponse(responseCode = "200", content = @Content(schema = @Schema(implementation = AccessPolicyEntity.class))),
                     @ApiResponse(responseCode = "400", description = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
                     @ApiResponse(responseCode = "401", description = "Client could not be authenticated."),
                     @ApiResponse(responseCode = "403", description = "Client is not authorized to make this request."),
                     @ApiResponse(responseCode = "404", description = "The specified resource could not be found."),
                     @ApiResponse(responseCode = "409", description = "The request was valid but NiFi was not in the appropriate state to process it.")
+            },
+            security = {
+                    @SecurityRequirement(name = "Read - /policies/{resource}")
             }
     )
     public Response getAccessPolicyForResource(
@@ -187,18 +184,16 @@ public Response getAccessPolicyForResource(
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(
             summary = "Creates an access policy",
-            responses = @ApiResponse(content = @Content(schema = @Schema(implementation = AccessPolicyEntity.class))),
-            security = {
-                    @SecurityRequirement(name = "Write - /policies/{resource}")
-            }
-    )
-    @ApiResponses(
-            value = {
+            responses = {
+                    @ApiResponse(responseCode = "201", content = @Content(schema = @Schema(implementation = AccessPolicyEntity.class))),
                     @ApiResponse(responseCode = "400", description = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
                     @ApiResponse(responseCode = "401", description = "Client could not be authenticated."),
                     @ApiResponse(responseCode = "403", description = "Client is not authorized to make this request."),
                     @ApiResponse(responseCode = "404", description = "The specified resource could not be found."),
                     @ApiResponse(responseCode = "409", description = "The request was valid but NiFi was not in the appropriate state to process it.")
+            },
+            security = {
+                    @SecurityRequirement(name = "Write - /policies/{resource}")
             }
     )
     public Response createAccessPolicy(
@@ -279,18 +274,16 @@ public Response createAccessPolicy(
     @Path("{id}")
     @Operation(
             summary = "Gets an access policy",
-            responses = @ApiResponse(content = @Content(schema = @Schema(implementation = AccessPolicyEntity.class))),
-            security = {
-                    @SecurityRequirement(name = "Read - /policies/{resource}")
-            }
-    )
-    @ApiResponses(
-            value = {
+            responses = {
+                    @ApiResponse(responseCode = "200", content = @Content(schema = @Schema(implementation = AccessPolicyEntity.class))),
                     @ApiResponse(responseCode = "400", description = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
                     @ApiResponse(responseCode = "401", description = "Client could not be authenticated."),
                     @ApiResponse(responseCode = "403", description = "Client is not authorized to make this request."),
                     @ApiResponse(responseCode = "404", description = "The specified resource could not be found."),
                     @ApiResponse(responseCode = "409", description = "The request was valid but NiFi was not in the appropriate state to process it.")
+            },
+            security = {
+                    @SecurityRequirement(name = "Read - /policies/{resource}")
             }
     )
     public Response getAccessPolicy(
@@ -335,18 +328,16 @@ public Response getAccessPolicy(
     @Path("{id}")
     @Operation(
             summary = "Updates a access policy",
-            responses = @ApiResponse(content = @Content(schema = @Schema(implementation = AccessPolicyEntity.class))),
-            security = {
-                    @SecurityRequirement(name = "Write - /policies/{resource}")
-            }
-    )
-    @ApiResponses(
-            value = {
+            responses = {
+                    @ApiResponse(responseCode = "200", content = @Content(schema = @Schema(implementation = AccessPolicyEntity.class))),
                     @ApiResponse(responseCode = "400", description = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
                     @ApiResponse(responseCode = "401", description = "Client could not be authenticated."),
                     @ApiResponse(responseCode = "403", description = "Client is not authorized to make this request."),
                     @ApiResponse(responseCode = "404", description = "The specified resource could not be found."),
                     @ApiResponse(responseCode = "409", description = "The request was valid but NiFi was not in the appropriate state to process it.")
+            },
+            security = {
+                    @SecurityRequirement(name = "Write - /policies/{resource}")
             }
     )
     public Response updateAccessPolicy(
@@ -426,19 +417,17 @@ public Response updateAccessPolicy(
     @Path("{id}")
     @Operation(
             summary = "Deletes an access policy",
-            responses = @ApiResponse(content = @Content(schema = @Schema(implementation = AccessPolicyEntity.class))),
-            security = {
-                    @SecurityRequirement(name = "Write - /policies/{resource}"),
-                    @SecurityRequirement(name = "Write - Policy of the parent resource - /policies/{resource}")
-            }
-    )
-    @ApiResponses(
-            value = {
+            responses = {
+                    @ApiResponse(responseCode = "200", content = @Content(schema = @Schema(implementation = AccessPolicyEntity.class))),
                     @ApiResponse(responseCode = "400", description = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
                     @ApiResponse(responseCode = "401", description = "Client could not be authenticated."),
                     @ApiResponse(responseCode = "403", description = "Client is not authorized to make this request."),
                     @ApiResponse(responseCode = "404", description = "The specified resource could not be found."),
                     @ApiResponse(responseCode = "409", description = "The request was valid but NiFi was not in the appropriate state to process it.")
+            },
+            security = {
+                    @SecurityRequirement(name = "Write - /policies/{resource}"),
+                    @SecurityRequirement(name = "Write - Policy of the parent resource - /policies/{resource}")
             }
     )
     public Response removeAccessPolicy(
 
@@ -16,17 +16,10 @@
  */
 package org.apache.nifi.web.api;
 
-import java.net.URI;
-import java.time.Instant;
-import java.util.Collections;
-import java.util.Optional;
-import java.util.UUID;
-
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
-import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -63,6 +56,12 @@
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
 import org.springframework.stereotype.Controller;
 
+import java.net.URI;
+import java.time.Instant;
+import java.util.Collections;
+import java.util.Optional;
+import java.util.UUID;
+
 /**
  * RESTful endpoint for managing access.
  */
@@ -97,10 +96,8 @@ public class AccessResource extends ApplicationResource {
             description = "The token returned is formatted as a JSON Web Token (JWT). The token is base64 encoded and comprised of three parts. The header, " +
                     "the body, and the signature. The expiration of the token is a contained within the body. It is stored in the browser as a cookie, but also returned in" +
                     "the response body to be stored/used by third party client scripts.",
-            responses = @ApiResponse(content = @Content(schema = @Schema(implementation = String.class)))
-    )
-    @ApiResponses(
-            value = {
+            responses = {
+                    @ApiResponse(responseCode = "201", content = @Content(schema = @Schema(implementation = String.class))),
                     @ApiResponse(responseCode = "400", description = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
                     @ApiResponse(responseCode = "403", description = "Client is not authorized to make this request."),
                     @ApiResponse(responseCode = "409", description = "The request was valid but NiFi was not in the appropriate state to process it."),
@@ -158,10 +155,8 @@ public Response createAccessToken(
     @Path("/logout")
     @Operation(
             summary = "Performs a logout for other providers that have been issued a JWT.",
-            description = NON_GUARANTEED_ENDPOINT
-    )
-    @ApiResponses(
-            value = {
+            description = NON_GUARANTEED_ENDPOINT,
+            responses = {
                     @ApiResponse(responseCode = "200", description = "User was logged out successfully."),
                     @ApiResponse(responseCode = "401", description = "Authentication token provided was empty or not in the correct JWT format."),
                     @ApiResponse(responseCode = "500", description = "Client failed to log out."),
@@ -204,11 +199,9 @@ public Response logOut(@Context HttpServletRequest httpServletRequest, @Context
     @Path("/logout/complete")
     @Operation(
             summary = "Completes the logout sequence by removing the cached Logout Request and Cookie if they existed and redirects to /nifi/login.",
-            description = NON_GUARANTEED_ENDPOINT
-    )
-    @ApiResponses(
-            value = {
-                    @ApiResponse(responseCode = "200", description = "User was logged out successfully."),
+            description = NON_GUARANTEED_ENDPOINT,
+            responses = {
+                    @ApiResponse(responseCode = "302", description = "User was logged out successfully."),
                     @ApiResponse(responseCode = "401", description = "Authentication token provided was empty or not in the correct JWT format."),
                     @ApiResponse(responseCode = "500", description = "Client failed to log out."),
             }
 
@@ -16,15 +16,11 @@
  */
 package org.apache.nifi.web.api;
 
-import java.util.List;
-import java.util.Set;
-
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
-import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.ws.rs.Consumes;
@@ -57,6 +53,9 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 
+import java.util.List;
+import java.util.Set;
+
 /**
  * RESTful endpoint for managing a Connection.
  */
@@ -105,19 +104,17 @@ public ConnectionEntity populateRemainingConnectionEntityContent(ConnectionEntit
     @Path("/{id}")
     @Operation(
             summary = "Gets a connection",
-            responses = @ApiResponse(content = @Content(schema = @Schema(implementation = ConnectionEntity.class))),
-            security = {
-                    @SecurityRequirement(name = "Read Source - /{component-type}/{uuid}"),
-                    @SecurityRequirement(name = "Read Destination - /{component-type}/{uuid}")
-            }
-    )
-    @ApiResponses(
-            value = {
+            responses = {
+                    @ApiResponse(responseCode = "200", content = @Content(schema = @Schema(implementation = ConnectionEntity.class))),
                     @ApiResponse(responseCode = "400", description = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
                     @ApiResponse(responseCode = "401", description = "Client could not be authenticated."),
                     @ApiResponse(responseCode = "403", description = "Client is not authorized to make this request."),
                     @ApiResponse(responseCode = "404", description = "The specified resource could not be found."),
                     @ApiResponse(responseCode = "409", description = "The request was valid but NiFi was not in the appropriate state to process it.")
+            },
+            security = {
+                    @SecurityRequirement(name = "Read Source - /{component-type}/{uuid}"),
+                    @SecurityRequirement(name = "Read Destination - /{component-type}/{uuid}")
             }
     )
     public Response getConnection(
@@ -160,21 +157,19 @@ public Response getConnection(
     @Path("/{id}")
     @Operation(
             summary = "Updates a connection",
-            responses = @ApiResponse(content = @Content(schema = @Schema(implementation = ConnectionEntity.class))),
-            security = {
-                    @SecurityRequirement(name = "Write Source - /{component-type}/{uuid}"),
-                    @SecurityRequirement(name = "Write Destination - /{component-type}/{uuid}"),
-                    @SecurityRequirement(name = "Write New Destination - /{component-type}/{uuid} - if updating Destination"),
-                    @SecurityRequirement(name = "Write Process Group - /process-groups/{uuid} - if updating Destination")
-            }
-    )
-    @ApiResponses(
-            value = {
+            responses = {
+                    @ApiResponse(responseCode = "200", content = @Content(schema = @Schema(implementation = ConnectionEntity.class))),
                     @ApiResponse(responseCode = "400", description = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
                     @ApiResponse(responseCode = "401", description = "Client could not be authenticated."),
                     @ApiResponse(responseCode = "403", description = "Client is not authorized to make this request."),
                     @ApiResponse(responseCode = "404", description = "The specified resource could not be found."),
                     @ApiResponse(responseCode = "409", description = "The request was valid but NiFi was not in the appropriate state to process it.")
+            },
+            security = {
+                    @SecurityRequirement(name = "Write Source - /{component-type}/{uuid}"),
+                    @SecurityRequirement(name = "Write Destination - /{component-type}/{uuid}"),
+                    @SecurityRequirement(name = "Write New Destination - /{component-type}/{uuid} - if updating Destination"),
+                    @SecurityRequirement(name = "Write Process Group - /process-groups/{uuid} - if updating Destination")
             }
     )
     public Response updateConnection(
@@ -291,20 +286,18 @@ public Response updateConnection(
     @Path("/{id}")
     @Operation(
             summary = "Deletes a connection",
-            responses = @ApiResponse(content = @Content(schema = @Schema(implementation = ConnectionEntity.class))),
-            security = {
-                    @SecurityRequirement(name = "Write Source - /{component-type}/{uuid}"),
-                    @SecurityRequirement(name = "Write - Parent Process Group - /process-groups/{uuid}"),
-                    @SecurityRequirement(name = "Write Destination - /{component-type}/{uuid}")
-            }
-    )
-    @ApiResponses(
-            value = {
+            responses = {
+                    @ApiResponse(responseCode = "200", content = @Content(schema = @Schema(implementation = ConnectionEntity.class))),
                     @ApiResponse(responseCode = "400", description = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
                     @ApiResponse(responseCode = "401", description = "Client could not be authenticated."),
                     @ApiResponse(responseCode = "403", description = "Client is not authorized to make this request."),
                     @ApiResponse(responseCode = "404", description = "The specified resource could not be found."),
                     @ApiResponse(responseCode = "409", description = "The request was valid but NiFi was not in the appropriate state to process it.")
+            },
+            security = {
+                    @SecurityRequirement(name = "Write Source - /{component-type}/{uuid}"),
+                    @SecurityRequirement(name = "Write - Parent Process Group - /process-groups/{uuid}"),
+                    @SecurityRequirement(name = "Write Destination - /{component-type}/{uuid}")
             }
     )
     public Response deleteConnection(