How to provide authentication in Swagger API on Spring Boot application

牧云@^-^@ submitted on 2021-01-27 13:10:56

Question


I have integrated Swagger to generate API documentation for a Spring REST application using Spring Boot. It works well; I could see the generated API documentation when I hit the URL: http://localhost:8080/test/swagger-ui.html. My question is: how can I restrict access to the API? Basic authentication based on a hardcoded username and password should be good enough, at least to start with. I used Maven to add the "swagger2" dependency.

Here is the pom.xml:

<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-swagger2</artifactId>
    <version>2.7.0</version>
</dependency>
<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-swagger-ui</artifactId>
    <version>2.7.0</version>
</dependency>

Here is the swagger config:

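import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

@Configuration
@EnableSwagger2
public class SwaggerConfig {
    @Bean
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)
          .select()
          .apis(RequestHandlerSelectors.basePackage("com.eeocd.test.ws.resource"))
          .build();
    }
}

Answer 1: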


You can enable authentication by adding a securityScheme and securityContext to the Docket object.

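import static com.google.common.base.Predicates.or;
import static com.google.common.collect.Lists.newArrayList;
import static springfox.documentation.builders.PathSelectors.regex;

import java.util.List;

import com.google.common.base.Predicate;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.AuthorizationScope;
import springfox.documentation.service.BasicAuth;
import springfox.documentation.service.SecurityReference;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

@Configuration
@EnableSwagger2
public class SwaggerConfig {
    @Bean
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)
          .select()
          .apis(RequestHandlerSelectors.basePackage("com.eeocd.test.ws.resource"))
          .build()
          .securitySchemes(newArrayList(basicAuth()))
          .securityContexts(newArrayList(securityContext()));
    }

    // Declares an HTTP Basic scheme named "basic" in the generated documentation.
    private BasicAuth basicAuth() {
        BasicAuth ba = new BasicAuth("basic");
        return ba;
    }

    // Attaches the "basic" scheme reference to the paths selected by apiPaths().
    private SecurityContext securityContext() {
        return SecurityContext.builder()
                .securityReferences(defaultAuth())
                .forPaths(apiPaths())
                .build();
    }

    private List<SecurityReference> defaultAuth() {
        AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
        authorizationScopes[0] = authorizationScope;
        // The reference name must match the name given to BasicAuth above.
        return newArrayList(new SecurityReference("basic", authorizationScopes));
    }

    // Paths the security context applies to.
    private Predicate<String> apiPaths() {
        return or(regex("/api/v1.*"));
    }
}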
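
Enforcing the restriction on the server side, as an added example that is not part of the original answer: the Docket's securitySchemes and securityContexts describe the scheme in the generated documentation, while a Spring Security filter chain is what rejects unauthenticated requests. It assumes spring-boot-starter-security is on the classpath and a Spring Security version that still provides WebSecurityConfigurerAdapter; the class name, the role name and the two docs.auth.* property names are hypothetical.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class ApiDocsSecurityConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical property names: supply them from the environment or an
    // external config file so no credential is committed with the source.
    @Value("${docs.auth.username}")
    private String username;

    // A bcrypt hash of the password, not the plaintext.
    @Value("${docs.auth.password-bcrypt}")
    private String passwordHash;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .passwordEncoder(new BCryptPasswordEncoder())
            .withUser(username).password(passwordHash).roles("API_DOCS");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Springfox 2.x serves the UI, its static assets and the spec here
                // (matchers are relative to the context path, /test on this page).
                .antMatchers("/swagger-ui.html",
                             "/swagger-resources/**",
                             "/webjars/springfox-swagger-ui/**",
                             "/v2/api-docs").hasRole("API_DOCS")
                // The same paths the Docket's securityContext() covers.
                .antMatchers("/api/v1/**").hasRole("API_DOCS")
                // Anything not listed still needs a login rather than being open.
                .anyRequest().authenticated()
            .and()
            .httpBasic();
    }
}
```

Basic credentials travel base64-encoded on every request, so this belongs behind HTTPS.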


Source: https://stackoverflow.com/questions/51883118/how-to-provide-authentication-in-swagger-api-on-spring-boot-application