我有使用 Spring MVC 实现的简单 REST 服务。我决定用 Springfox 和 Swagger 2.0 来描述它们。一切似乎都很好,直到我开始添加安全模式和上下文。我对某些端点使用 HTTP 基本身份验证,对其他端点使用基于令牌的身份验证。无论我做什么,我都看不到任何用于设置 HTTP Basic 身份验证凭据或在 Swagger UI 中指定令牌的选项。以下是我的配置。为了简单起见,我将这两种模式应用于此处的所有端点。
@Configuration
@EnableSwagger2
public class SwaggerConfig {
@Bean
public Docket apiV1() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.any())
.paths(PathSelectors.any())
.build()
.pathMapping("/api/v1")
.securitySchemes(newArrayList(new BasicAuth("xBasic"),
new ApiKey("X-Auth-Token", "xAuthToken", "header")))
.securityContexts(newArrayList(xBasicSecurityContext(), xAuthTokenSecurityContext()))
}
private SecurityContext xBasicSecurityContext() {
SecurityContext.builder()
.securityReferences(newArrayList(new SecurityReference("xBasic",
new AuthorizationScope[0])))
.build()
}
private SecurityContext xAuthTokenSecurityContext() {
SecurityContext.builder()
.securityReferences(newArrayList(new SecurityReference("xAuthToken",
new AuthorizationScope[0])))
.build()
}
我尝试过这种方法:拆分 Docket 配置。它还迫使我将 API 分成两组(和包),但最终这是一个很好的架构决策。
@Configuration
@EnableSwagger2
public class SwaggerConfig {
@Bean
public Docket authTokenSecuredApi() {
return new Docket(DocumentationType.SWAGGER_2)
.groupName("authTokenGroup") // 2 Dockets -> need to differ using groupName
.select()
.apis(RequestHandlerSelectors.basePackage("cz.bank.controller.package1"))
.paths(PathSelectors.any())
.build()
.securitySchemes(Collections.singletonList(new ApiKey("X-Auth-Token",
"xAuthToken",
"header")))
.securityContexts(Collections.singletonList(xAuthTokenSecurityContext()));
}
@Bean
public Docket basicAuthSecuredApi() {
return new Docket(DocumentationType.SWAGGER_2)
.groupName("basicAuthGroup") // 2 Dockets -> need to differ using groupName
.select()
.apis(RequestHandlerSelectors.basePackage("cz.bank.controller.package2"))
.paths(PathSelectors.any())
.build()
.securitySchemes(Collections.singletonList(new BasicAuth("xBasic")))
.securityContexts(Collections.singletonList(xBasicSecurityContext()));
}
private SecurityContext xBasicSecurityContext() {
return SecurityContext.builder()
.securityReferences(Collections.singletonList(
new SecurityReference("xBasic",
new AuthorizationScope[0])))
.build();
}
private SecurityContext xAuthTokenSecurityContext() {
return SecurityContext.builder()
.securityReferences(Collections.singletonList(
new SecurityReference("xAuthToken",
new AuthorizationScope[0])))
.build();
}
}
说实话,我更愿意直接在控制器中配置授权,使用authorizations
的属性@ApiOperation
or @Api
Swagger 注释。但根据this https://github.com/springfox/springfox/issues/2482springfox“功能”,它不起作用@Api
注释,这会导致将其复制到每个@ApiOperation
这会导致不整洁、讨厌、丑陋、有罪的代码:-)
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)