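We use the @RolesAllowed annotation in our Jersey application to restrict user access to certain parts of the API. How can we show this information in Swagger UI?
So far I have annotated the methods with @ApiOperation to show the input/output parameters and tried using @Authorization/@AuthorizationScope, but I only managed to get oauth2 displayed, which we do not use. The closest match for our case is ApiKeyAuthDefinition, but it does not show up in the UI.
Answer 0 (score: 0)
I'm not familiar with the framework you are using to generate Swagger, but in the tool I use you have to specify it in the "securityDefinitions" root node of the document, and then reference that definition for each method that uses it.
My Swagger 2.0 JSON snippet: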
"securityDefinitions":{
  "dapiOAuth2":{
    "type":"oauth2",
    "description":"OAuth2 security protocol used by this API. Only one of the scopes that are listed for an endpoint are required to make the request.",
    "flow":"application",
    "authorizationUrl":"https://login.roguecommerce.com/Login",
    "tokenUrl":"https://login.roguecommerce.com/sso/oAuth2/token",
    "scopes":{
      "RegisteredUser":"Assigned to users of an application if they are registered.",
      "Admin":"Assigned to the users of an application if they are an administrator. This role can only be granted by an existing administrator"
    }
  }
}
This is how you reference this securityDefinition in a path:
"paths":{
  "/v1/apis":{
    "post":{
      "tags":[
        "Apis"
      ],
      "operationId":"Apis_CreateApiFromSwagger",
      "consumes":[
        "application/json",
        "text/json",
        "application/xml",
        "text/xml",
        "application/x-www-form-urlencoded"
      ],
      "produces":[
        "application/json",
        "text/json",
        "application/xml",
        "text/xml"
      ],
      "parameters":[
        {
          "name":"api",
          "in":"body",
          "required":true,
          "schema":{
            "$ref":"#/definitions/DynamicApis.Services.Rest.Entities.Api"
          }
        },
        {
          "name":"authorization",
          "in":"header",
          "required":true,
          "type":"string"
        }
      ],
      "responses":{
        "200":{
          "description":"OK",
          "schema":{
            "$ref":"#/definitions/DynamicApis.Services.Rest.Entities.ApiBase"
          }
        }
      },
      "deprecated":false,
      "security":[
        {
          "dapiOAuth2":[
            "admin"
          ]
        }
      ]
    }
  }
}
Hope this helps.
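
An added example, not part of the original answer: a Python check that every `security` entry in a Swagger 2.0 document resolves to a scheme and scope declared under `securityDefinitions`, and that flags operations with no requirement at all. The sample document is a constructed, trimmed copy of the fragment above plus a hypothetical `/v1/ping` operation; scope names are assumed to match case-sensitively, so the `admin` reference is reported against the declared `Admin` scope.

```python
import json

# Constructed sample: trimmed copy of the fragment above, plus a hypothetical
# unprotected operation (GET /v1/ping) to exercise the second check.
SPEC = json.loads("""{
  "securityDefinitions": {"dapiOAuth2": {
    "type": "oauth2", "flow": "application",
    "tokenUrl": "https://login.roguecommerce.com/sso/oAuth2/token",
    "scopes": {"RegisteredUser": "registered users", "Admin": "administrators"}}},
  "paths": {
    "/v1/apis": {"post": {"security": [{"dapiOAuth2": ["admin"]}]}},
    "/v1/ping": {"get": {"responses": {"200": {"description": "OK"}}}}}
}""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}


def lint_security(spec):
    """Return (path, method, problem) tuples for security references that do not resolve."""
    definitions = spec.get("securityDefinitions", {})
    default = spec.get("security")  # document-level requirement, if any
    findings = []
    for path, item in sorted(spec.get("paths", {}).items()):
        for method, op in sorted(item.items()):
            if method not in HTTP_METHODS:
                continue  # skip "parameters", "$ref" and vendor extensions
            requirements = op.get("security", default)
            if not requirements:  # missing, or explicitly emptied with []
                findings.append((path, method, "no security requirement"))
                continue
            for requirement in requirements:
                for scheme, scopes in requirement.items():
                    if scheme not in definitions:
                        findings.append((path, method, f"undefined scheme {scheme!r}"))
                        continue
                    declared = definitions[scheme].get("scopes", {})
                    for scope in scopes:
                        if scope not in declared:  # exact, case-sensitive match
                            findings.append((path, method, f"undeclared scope {scope!r}"))
    return findings


if __name__ == "__main__":
    for finding in lint_security(SPEC):
        print(*finding)
```

Run against the generated Swagger JSON in a build step, a check like this catches operations whose documented roles or scopes drift from what the definitions declare.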