小贝子编程

如何在 Spring Boot 应用程序的 Swagger API 中提供身份验证



我已经集成了Swagger,使用Spring Boot为Spring REST应用程序生成API文档。它运行良好,当我点击 URL 时,我可以看到生成的 API 文档:http://localhost:8080/test/swagger-ui.html 我的问题是如何限制对 API 的访问?基于硬编码用户名和密码的基本身份验证至少应该足够好。我使用 maven 添加了"swagger2"依赖项。

这是绒球.xml:

<dependency>                                                                           
<groupId>io.springfox</groupId>                                                      
<artifactId>springfox-swagger2</artifactId>                                          
<version>2.7.0</version>                                                             
</dependency>                                                                          
<dependency>                                                                           
<groupId>io.springfox</groupId>                                                      
<artifactId>springfox-swagger-ui</artifactId>                                        
<version>2.7.0</version>                                                             
</dependency>

这是招摇的配置:

@Configuration                                                                         
@EnableSwagger2                                                                        
public class SwaggerConfig {                                                           
@Bean                                                                              
public Docket api() {                                                              
return new Docket(DocumentationType.SWAGGER_2)                                 
.select()                                                                    
.apis(RequestHandlerSelectors.basePackage("com.eeocd.test.ws.resource"))     
.build();                                                                    
}                                                                                  
}

您可以通过向 Docket 对象添加 securityScheme 和 securityContext 来启用身份验证。

@Configuration                                                                         
@EnableSwagger2                                                                        
public class SwaggerConfig {                                                           
@Bean                                                                              
public Docket api() {                                                              
return new Docket(DocumentationType.SWAGGER_2)                                 
.select()                                                                    
.apis(RequestHandlerSelectors.basePackage("com.eeocd.test.ws.resource"))     
.build()
.securitySchemes(newArrayList(basicAuth()))
.securityContexts(newArrayList(securityContext()));                                                                    
}
private BasicAuth basicAuth() {
BasicAuth ba = new BasicAuth("basic");
return ba;
}
private SecurityContext securityContext() {
return SecurityContext.builder()
.securityReferences(defaultAuth())
.forPaths(apiPaths())
.build();
}
private List<SecurityReference> defaultAuth() {
AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
authorizationScopes[0] = authorizationScope;
return newArrayList(new SecurityReference("basic", authorizationScopes));
}

private Predicate<String> apiPaths() {
return or(regex("/api/v1.*")
);
}
}

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium