我想使用org.apache.cxf.jaxrs.swagger.Swagger2Feature将安全定义添加到我的休息服务。但是,我看不到任何相关方法或任何资源如何做到这一点。下面是我想用swagger2feature生成的swagger文档。我该怎么办?
swagger: '2.0'
info:
version: 1.0.0
title: Based on "Basic Auth Example"
description: >
An example for how to use Auth with Swagger.
host: basic-auth-server.herokuapp.com
schemes:
- http
- https
securityDefinitions:
Bearer:
type: apiKey
name: Authorization
in: header
paths:
/:
get:
security:
- Bearer: []
responses:
'200':
description: 'Will send `Authenticated`'
'403':
description: 'You do not have necessary permissions for the resource'
答案 0 :(得分:1)
我遇到了同样的问题,我无法找到适合CXF及其api的解决方案。我的解决方案如下,创建一个扩展CXF的Swagger2Feature的类,以覆盖addSwaggerResource方法,以绑定安全性定义:
/** Name of the security definition */
public static final String SECURITY_NAME = "Bearer";
/** Extends the Swagger2Feature to use the security definition of Swagger */
@Provider(value = Provider.Type.Feature, scope = Provider.Scope.Server)
public class ExtendedSwagger2Feature extends Swagger2Feature {
@Override
protected void addSwaggerResource(Server server, Bus bus) {
super.addSwaggerResource(server, bus);
BeanConfig config = (BeanConfig) ScannerFactory.getScanner();
Swagger swagger = config.getSwagger();
swagger.securityDefinition(SECURITY_NAME, new ApiKeyAuthDefinition("authorization", In.HEADER));
}
}
然后,由于 Swagger 实例在被swagger api加载后被修改,你应该重新注册"它在servlet的上下文中(据我所知,当我浏览swagger的代码时)。看看 io.swagger.jaxrs.config.SwaggerContextService 。为此,我必须在我的servlet上下文中创建一个新的 ServletContextInitializer :
return servletContext -> {
BeanConfig scanner = (BeanConfig) ScannerFactory.getScanner();
Swagger swagger = scanner.getSwagger();
servletContext.setAttribute("swagger", swagger);
};
在上下文中,先前使用安全定义修改的 Swagger 配置允许swagger api正确地考虑它。如果没有这个,我们的扩展Swagger2Feature将无效。
通过这些更改,我能够获得一个swagger.yaml文件作为您期望的文件,尤其是以下部分:
securityDefinitions:
Bearer:
type: apiKey
name: Authorization
in: header
我在Spring Boot应用程序中使用此解决方案,这是我完全的swagger配置类,以防它帮助某人:
package my.package.configuration;
import io.swagger.config.ScannerFactory;
import io.swagger.core.filter.AbstractSpecFilter;
import io.swagger.jaxrs.config.BeanConfig;
import io.swagger.model.ApiDescription;
import io.swagger.models.Operation;
import io.swagger.models.Swagger;
import io.swagger.models.auth.ApiKeyAuthDefinition;
import io.swagger.models.auth.In;
import org.apache.cxf.Bus;
import org.apache.cxf.annotations.Provider;
import org.apache.cxf.endpoint.Server;
import org.apache.cxf.jaxrs.swagger.Swagger2Feature;
import org.springframework.boot.web.servlet.ServletContextInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import java.util.List;
import java.util.Map;
/**
* Configuration of the Swagger API to enable it with CXF.
*/
@Configuration
public class SwaggerConfiguration {
/** Name of the security definition */
public static final String SECURITY_NAME = "Bearer";
@Bean
public Swagger2Feature swagger() {
Swagger2Feature feature = new ExtendedSwagger2Feature();
// Do your stuff with the configuration
return feature;
}
/**
* Register a custom {@link ServletContextInitializer} in the cxf servlet to expose the custom {@link Swagger2Feature}
* otherwise the security definition added in the {@link ExtendedSwagger2Feature#addSwaggerResource} will not be
* used by the swagger api because the original hook occurs during the super call.
*
* @see io.swagger.jaxrs.config.SwaggerContextService
* @see org.apache.cxf.jaxrs.spring.SpringComponentScanServer
*
* @return a new instance of the {@link ServletContextInitializer}
*/
@Bean
@DependsOn("jaxRsServer")
public ServletContextInitializer initializer() {
return servletContext -> {
BeanConfig scanner = (BeanConfig) ScannerFactory.getScanner();
Swagger swagger = scanner.getSwagger();
servletContext.setAttribute("swagger", swagger);
};
}
/**
* Extension of the {@link Swagger2Feature} because the one provided by CXF doesn't allow to use
* feature of the Swagger API such as the security definition. This feature use the {@link ApiKeyAuthDefinition}
* to transport the authorization header required by the application.
*/
@Provider(value = Provider.Type.Feature, scope = Provider.Scope.Server)
public static class ExtendedSwagger2Feature extends Swagger2Feature {
@Override
protected void addSwaggerResource(Server server, Bus bus) {
super.addSwaggerResource(server, bus);
BeanConfig config = (BeanConfig) ScannerFactory.getScanner();
Swagger swagger = config.getSwagger();
swagger.securityDefinition(SECURITY_NAME, new ApiKeyAuthDefinition("authorization", In.HEADER));
}
}
}
答案 1 :(得分:0)
我没有使用Spring Boot,但我复制了@Naoj的方法。 (谢谢!)
对于那些不在Spring Boot上的人,可以在一个在CXF servlet之后加载的启动servlet中完成此操作。如果只是在抓取时修改了Swagger实例,也可以避免扩展类。
所以在web.xml中:
<servlet>
<servlet-name>SwaggerServlet</servlet-name>
<servlet-class>my.package.configuration.SwaggerStartupServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
然后是servlet代码:
/** Name of the security definition */
public static final String SECURITY_NAME = "Bearer";
@Override
public void init(final ServletConfig config) throws ServletException
{
BeanConfig scanner = (BeanConfig) ScannerFactory.getScanner();
Swagger swagger = scanner.getSwagger();
swagger.securityDefinition(SECURITY_NAME, new ApiKeyAuthDefinition("Authorization", In.HEADER));
config.getServletContext().setAttribute("swagger", swagger);
}