我有一个Java EE 8应用程序,其中我使用OpenAPI注释来定义我的REST端点并自动生成Swagger UI。对于身份验证,我使用JSON Web Tokens (JWT(。
当我从邮递员发送请求时,一切正常,但是,我不知道如何将持有者令牌的字段添加到我的 Swagger UI 中。
我正在使用@SecurityScheme注释来定义我的安全方案:
@SecurityScheme(
securitySchemeName = "JWT",
description = "JWT authentication with bearer token",
type = SecuritySchemeType.HTTP,
scheme = "bearer",
bearerFormat = "Bearer [token]"
)
public class ApplicationConfig extends Application {
}
我尝试将此方案作为@SecurityRequirement添加到我的资源的@OpenAPIDefinition注释中,并直接添加到我的方法中。
@Path("/items")
@OpenAPIDefinition(
info = @Info(title = "Items resource", version = "v1"),
security = @SecurityRequirement(name = "JWT")
)
@Transactional(value = TxType.REQUIRES_NEW)
@Interceptors({RolesAllowedInterceptor.class})
@SecurityScheme(
securitySchemeName = "JWT",
description = "JWT authentication with bearer token",
type = SecuritySchemeType.HTTP,
scheme = "bearer",
bearerFormat = "Bearer [token]"
)
public class ItemsResource {
(...)
@GET
@Operation(description = "Returns the item list overview")
@APIResponse(responseCode = "200", description = "Valid response")
@APIResponse(responseCode = "401", description = "Authentication required")
@APIResponse(responseCode = "500", description = "Unexpected exception")
@Produces({MediaType.APPLICATION_JSON})
@SecurityRequirement(name ="JWT", scopes = "write: read")
@RolesAllowed({Constants.USER_ROLE_EXPERT})
public Response getItemListOverview() throws TechnicalException {
ItemListOverviewVO itemListOverviewVO = logic.getItemListOverview();
return Response.status(Status.OK).entity(itemListOverviewVO).build();
}
所以我现在在我的 OpenAPI JSON 文件中有security信息,但 UI 中仍然没有授权参数的字段。
我还发现,旧的 Swagger API 中曾经有一个@ApiImplicitParameter注释(请参阅 Swagger UI 将身份验证令牌传递给标头中的 API 调用(,但似乎它已从 OpenAPI 中删除。
所以我尝试改用@HeaderParam(请参阅泽西岛项目 Swagger-UI 在发送@PathParam时不发送@HeaderParam(:
public Response getItemListOverview(@HeaderParam("Authorization") String bearerToken) throws TechnicalException {
现在我的 UI 中有一个授权字段,但是当我测试端点时,请求没有授权标头。我在浏览器的网络分析中看不到它。
到目前为止,OpenAPI文档几乎没有帮助。我在这里错过了什么吗?
关键是在@Components()中嵌入@SecurityScheme注解,并将其作为参数传递给@OpenAPIDefinition注解:
@OpenAPIDefinition(
info = @Info(title = "My application", version = "1.0.0"),
servers = {@Server(url = "/myapp", description = "localhost") },
security = @SecurityRequirement(name = "JWT"),
components = @Components(securitySchemes = @SecurityScheme(
securitySchemeName = "JWT",
description = "JWT authentication with bearer token",
type = SecuritySchemeType.HTTP,
scheme = "bearer",
bearerFormat = "Bearer [token]"))
)
public class ApplicationConfig extends Application {
}
可能是发布时事情有点混乱。我将在这里放一些对我有用的东西:
@OpenAPIDefinition(info = @Info(title = "Example API", version = "v1"))
@SecuritySchemes(@SecurityScheme(
name = "JWT",
description = "JWT authentication with bearer token",
type = SecuritySchemeType.HTTP,
scheme = "bearer",
bearerFormat = "Bearer [token]"))
public interface ExampleResource {
@DELETE
@Path("/example")
@Operation(summary = "Example Summary", tags = "Example Tag",security =
@SecurityRequirement(name = "JWT"))
Response exampleMethod();
}
相关进口:
import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.enums.ParameterIn;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.info.Info;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.security.SecurityScheme;
import io.swagger.v3.oas.annotations.security.SecuritySchemes;