我已经集成了Swagger,使用Spring Boot为Spring REST应用程序生成API文档。它运行良好,当我点击 URL 时,我可以看到生成的 API 文档:http://localhost:8080/test/swagger-ui.html 我的问题是如何限制对 API 的访问?基于硬编码用户名和密码的基本身份验证至少应该足够好。我使用 maven 添加了"swagger2"依赖项。
这是绒球.xml:
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.7.0</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.7.0</version>
</dependency>
这是招摇的配置:
@Configuration
@EnableSwagger2
public class SwaggerConfig {
@Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.basePackage("com.eeocd.test.ws.resource"))
.build();
}
}
您可以通过向 Docket 对象添加 securityScheme 和 securityContext 来启用身份验证。
@Configuration
@EnableSwagger2
public class SwaggerConfig {
@Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.basePackage("com.eeocd.test.ws.resource"))
.build()
.securitySchemes(newArrayList(basicAuth()))
.securityContexts(newArrayList(securityContext()));
}
private BasicAuth basicAuth() {
BasicAuth ba = new BasicAuth("basic");
return ba;
}
private SecurityContext securityContext() {
return SecurityContext.builder()
.securityReferences(defaultAuth())
.forPaths(apiPaths())
.build();
}
private List<SecurityReference> defaultAuth() {
AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
authorizationScopes[0] = authorizationScope;
return newArrayList(new SecurityReference("basic", authorizationScopes));
}
private Predicate<String> apiPaths() {
return or(regex("/api/v1.*")
);
}
}