Java爬坑 -- SpringBoot + Swagger2 整合遇到的权限问题
问题一 : 项目除了登录之外,其他接口都需要认证权限
通过度娘和谷歌发现有两种方式可以解决:
1. 通过给每一个接口配置一个全局的认证参数:
package com.dongsport.configuration;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.context.request.async.DeferredResult;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.ParameterBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.schema.ModelRef;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.service.Contact;
import springfox.documentation.service.Parameter;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

import java.util.ArrayList;
import java.util.List;

/**
 * Swagger2 configuration (approach 1): every documented operation gets an
 * optional {@code Authorization} header parameter, so a token obtained at
 * login can be typed into Swagger UI for each call.
 *
 * <p>This class only shapes the generated documentation. Whether a request is
 * actually authorized is decided by the application's security layer, which
 * is not part of this class.
 *
 * @author Q_先生
 * @since 2018/4/27 15:01
 */
@Configuration
@EnableSwagger2
public class SwaggerConfiguration {

    /**
     * Builds the Swagger 2 {@link Docket} for the application.
     *
     * @return a docket that documents every selected operation with the
     *         global {@code Authorization} header parameter attached
     */
    @Bean
    public Docket createRestApi() {
        // Global header parameters shown on every operation in the UI.
        List<Parameter> globalHeaders = new ArrayList<>();
        globalHeaders.add(authorizationHeader());

        return new Docket(DocumentationType.SWAGGER_2)
                .genericModelSubstitutes(DeferredResult.class)
                .useDefaultResponseMessages(false)
                .forCodeGeneration(false)
                .pathMapping("")
                .select()
                // TODO: in a production environment add a path filter that
                // matches nothing, e.g. .paths(PathSelectors.none()), so the
                // API surface is not published. Hiding the docs does not
                // protect the endpoints themselves.
                .build()
                .globalOperationParameters(globalHeaders)
                .apiInfo(productApiInfo());
    }

    /**
     * Describes the {@code Authorization} request header for the docs.
     *
     * <p>The parameter is declared as not required, so Swagger UI also sends
     * requests without it (presumably so the login endpoint stays callable
     * before a token exists; confirm against the security configuration).
     */
    private Parameter authorizationHeader() {
        return new ParameterBuilder()
                .name("Authorization")
                .description("令牌(登录后获取令牌)")
                .modelRef(new ModelRef("string"))
                .parameterType("header")
                .required(false)
                .build();
    }

    /** Static metadata (title, description, contact, version) shown at the top of the docs. */
    private ApiInfo productApiInfo() {
        Contact author = new Contact("Q_先生", "www.baidu.com", "邮箱");
        return new ApiInfoBuilder()
                .title("使用Swagger2构建RESTful APIs")
                .description("物华天宝 , 龙光射牛斗之墟 \r" +
                        "人杰地灵 , 徐孺下陈蕃之榻")
                .termsOfServiceUrl("www.baidu.com")
                .contact(author)
                .version("1.0")
                .build();
    }
}
2.使用SecurityScheme和SecurityContext支持配置Swagger以访问我们的安全API :
package com.dongsport.configuration;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.*;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

import java.util.List;

import static com.google.common.collect.Lists.newArrayList;

/**
 * Swagger2 configuration (approach 2): registers an API-key security scheme
 * and a security context, so Swagger UI offers one authorization dialog and
 * attaches the entered value as the {@code Authorization} header.
 *
 * <p>This class only configures the generated documentation and the UI. The
 * server-side check of the header is not part of this class.
 *
 * @author Q_先生
 * @since 2018/4/27 15:01
 */
@Configuration
@EnableSwagger2
public class SwaggerConfiguration {

    /**
     * Path pattern used both to select documented paths and to decide which
     * paths carry the security reference.
     *
     * <p>NOTE(review): if the paths handed to the selector start with "/"
     * (for example "/auth/login"), the lookahead {@code (?!auth)} never
     * rejects anything and this pattern matches every path. Confirm the
     * intent before tightening it: excluding the login path from the Docket
     * selector would also remove it from the docs.
     */
    private static final String NON_AUTH_PATHS = "^(?!auth).*$";

    /** Name that ties the {@link ApiKey} scheme to its {@link SecurityReference}. */
    private static final String SCHEME_NAME = "Authorization";

    /**
     * Builds the Swagger 2 {@link Docket} with the security scheme and
     * security context attached.
     *
     * @return the configured docket
     */
    @Bean
    public Docket createRestApi() {
        Docket docket = new Docket(DocumentationType.SWAGGER_2)
                .useDefaultResponseMessages(false)
                .select()
                .apis(RequestHandlerSelectors.any())
                .paths(PathSelectors.regex(NON_AUTH_PATHS))
                .build();

        return docket
                .apiInfo(productApiInfo())
                .securitySchemes(securitySchemes())
                .securityContexts(securityContexts());
    }

    /** Declares one API key named {@code Authorization}, passed as a request header. */
    private List<ApiKey> securitySchemes() {
        ApiKey headerToken = new ApiKey(SCHEME_NAME, "Authorization", "header");
        return newArrayList(headerToken);
    }

    /** Applies the default security reference to every path matching the pattern. */
    private List<SecurityContext> securityContexts() {
        SecurityContext context = SecurityContext.builder()
                .securityReferences(defaultAuth())
                .forPaths(PathSelectors.regex(NON_AUTH_PATHS))
                .build();
        return newArrayList(context);
    }

    /**
     * Builds the reference to the {@code Authorization} scheme with a single
     * scope ("global" / "accessEverything").
     */
    List<SecurityReference> defaultAuth() {
        AuthorizationScope[] scopes = {
                new AuthorizationScope("global", "accessEverything")
        };
        return newArrayList(new SecurityReference(SCHEME_NAME, scopes));
    }

    /** Static metadata (title, description, contact, version) shown at the top of the docs. */
    private ApiInfo productApiInfo() {
        Contact author = new Contact("Q_先生", "www.baidu.com", "邮箱");
        return new ApiInfoBuilder()
                .title("使用Swagger2构建RESTful APIs")
                .description("物华天宝 , 龙光射牛斗之墟 \r" +
                        "人杰地灵 , 徐孺下陈蕃之榻")
                .termsOfServiceUrl("www.baidu.com")
                .contact(author)
                .version("1.0")
                .build();
    }
}
会出现一个Authorization的图标
点击 Authorization 后会出现一个弹框,把登录之后获取到的票据(token)填到这里,带权限的接口就可以访问了
问题二 : 如何给 http://localhost:8081/swagger-ui.html 这个文档 UI 地址也加上权限?否则别人只要知道你的服务器地址,就可以直接访问接口文档了。(注意:需要保护的不只是 swagger-ui.html 页面,springfox 输出的 /v2/api-docs 等文档接口同样会暴露全部接口信息。)
等解决了再修正……先留个坑
本文参考:http://www.leftso.com/blog/393.html
感谢大神的分享
Spring Boot Security Swagger2整合生成安全的在线REST API文档 SpringMVC也可参考