问题
I have integrated Swagger to generate API documentation for Spring REST application using Spring Boot. It works well, I could see the generated API documentation when I hit the URL : http://localhost:8080/test/swagger-ui.html My question is how can I restrict the access to the API? Basic authentication based on hardcoded username and password should be good enough for at least to start with. I used maven to add "swagger2" dependency.
Here is the pom.xml:
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.7.0</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.7.0</version>
</dependency>
Here is the swagger config:
@Configuration
@EnableSwagger2
public class SwaggerConfig {
@Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.basePackage("com.eeocd.test.ws.resource"))
.build();
}
}
回答1:
You can enable authentication by adding a securityScheme and securityContext to the Docket object.
@Configuration
@EnableSwagger2
public class SwaggerConfig {
@Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.basePackage("com.eeocd.test.ws.resource"))
.build()
.securitySchemes(newArrayList(basicAuth()))
.securityContexts(newArrayList(securityContext()));
}
private BasicAuth basicAuth() {
BasicAuth ba = new BasicAuth("basic");
return ba;
}
private SecurityContext securityContext() {
return SecurityContext.builder()
.securityReferences(defaultAuth())
.forPaths(apiPaths())
.build();
}
private List<SecurityReference> defaultAuth() {
AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
authorizationScopes[0] = authorizationScope;
return newArrayList(new SecurityReference("basic", authorizationScopes));
}
private Predicate<String> apiPaths() {
return or(regex("/api/v1.*")
);
}
}
来源:https://stackoverflow.com/questions/51883118/how-to-provide-authentication-in-swagger-api-on-spring-boot-application