如何在Sping Boot 应用程序的Swagger API中提供身份验证

kd3sttzy  于 2022-12-04  发布在  其他
关注(0)|答案(1)|浏览(139)

我已经集成了Swagger来使用Sping Boot 为Spring REST应用程序生成API文档。它运行得很好,当我点击URL时,我可以看到生成的API文档:http://localhost:8080/test/swagger-ui.html我的问题是如何限制对API的访问?基于硬编码的用户名和密码的基本身份验证应该足够好了,至少可以开始使用。我使用maven添加了“swagger2”依赖项。
下面是pom.xml:

<dependency>                                                                           
    <groupId>io.springfox</groupId>                                                      
    <artifactId>springfox-swagger2</artifactId>                                          
    <version>2.7.0</version>                                                             
</dependency>                                                                          
<dependency>                                                                           
    <groupId>io.springfox</groupId>                                                      
    <artifactId>springfox-swagger-ui</artifactId>                                        
    <version>2.7.0</version>                                                             
</dependency>

下面是swagger配置:

@Configuration                                                                         
@EnableSwagger2                                                                        
public class SwaggerConfig {                                                           
    @Bean                                                                              
    public Docket api() {                                                              
        return new Docket(DocumentationType.SWAGGER_2)                                 
          .select()                                                                    
          .apis(RequestHandlerSelectors.basePackage("com.eeocd.test.ws.resource"))     
          .build();                                                                    
    }                                                                                  
}
yyhrrdl8

yyhrrdl81#

您可以通过向Docket对象添加securityScheme和securityContext来启用身份验证。

@Configuration                                                                         
@EnableSwagger2                                                                        
public class SwaggerConfig {                                                           
    @Bean                                                                              
    public Docket api() {                                                              
        return new Docket(DocumentationType.SWAGGER_2)                                 
          .select()                                                                    
          .apis(RequestHandlerSelectors.basePackage("com.eeocd.test.ws.resource"))     
          .build()
          .securitySchemes(newArrayList(basicAuth()))
          .securityContexts(newArrayList(securityContext()));                                                                    
    }
private BasicAuth basicAuth() {
    BasicAuth ba = new BasicAuth("basic");
    return ba;
}

private SecurityContext securityContext() {
    return SecurityContext.builder()
            .securityReferences(defaultAuth())
            .forPaths(apiPaths())
            .build();
}

private List<SecurityReference> defaultAuth() {
    AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
    AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
    authorizationScopes[0] = authorizationScope;
    return newArrayList(new SecurityReference("basic", authorizationScopes));
}


private Predicate<String> apiPaths() {
        return or(regex("/api/v1.*")
        );

    }

}

相关问题