如何在Swagger UI中为Spring的端点显示所需的用户角色(访问控制信息)?
我在Spring中制作了一个休息api,并使用Swagger进行文档编制。最近实现了基于令牌的认证。在令牌中,有(内部)用户的角色(权限)。每个控制器都注释了几个Swagger注释和一个@PreAuthorize(some roles..),如下所示:
@ApiOperation("Delete user")
@ApiResponses(value = {
@ApiResponse(code = 404, message = "User not found", response = ErrorResponse.class)
})
@PreAuthorize("hasAuthority('ADMIN')")
@DeleteMapping(value = "/{id}")
public ResponseEntity<?> deleteUser(@PathVariable UUID id) {
userService.delete(id);
return ResponseEntity.ok().build();
}
现在,我不知道如何在我的swagger-ui中显示这些角色,因此每个端点都有信息,访问它需要哪些用户角色。我浏览过互联网,发现只有一些非常模糊的信息,大部分内容都与春天无关。
注意:
我尝试使用笔记:@ApiOperation(value = "Delete user", notes = "Required roles: ADMIN, USER")来显示自定义文字,但这似乎不太合适。
4 个答案:
答案 0 :(得分:1)
受blog.codecentric.de/2018/11/springfoxswaggerextension文章中的解决方案启发
在我们的例子中,我们的控制器由@Secured注释修饰
@Secured(“ ROLE_Admin”)
我们添加了OperationNotesResourcesReader组件来为@ApiRoleAccessNotes添加评估。
这里是完整的解决方案。
控制器
@ApiRoleAccessNotes
@Secured("ROLE_Admin")
@PostMapping
public ResponseEntity<ResponseRestDTO> createVersion(@RequestBody DraftVersionCreateDTO dto) {
return ResponseEntity.ok()
.body(ResponseRestDTO.builder().data(versionService.createVersion(dto))
.message(messageService.get("version.create.ok")).build());
}
新注释
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface ApiRoleAccessNotes {
}
然后使用OperationNotesResourcesReader
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.annotation.Secured;
import org.springframework.stereotype.Component;
import com.google.common.base.Optional;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.OperationContext;
import springfox.documentation.spring.web.DescriptionResolver;
import springfox.documentation.swagger.common.SwaggerPluginSupport;
@Component
@Order(SwaggerPluginSupport.SWAGGER_PLUGIN_ORDER)
public class OperationNotesResourcesReader
implements springfox.documentation.spi.service.OperationBuilderPlugin {
private final DescriptionResolver descriptions;
final static Logger logger = LoggerFactory.getLogger(OperationNotesResourcesReader.class);
@Autowired
public OperationNotesResourcesReader(DescriptionResolver descriptions) {
this.descriptions = descriptions;
}
@Override
public void apply(OperationContext context) {
try {
Optional<ApiRoleAccessNotes> methodAnnotation =
context.findAnnotation(ApiRoleAccessNotes.class);
if (!methodAnnotation.isPresent()) {
// the REST Resource does not have the @ApiRoleAccessNotes annotation -> ignore
return;
}
String apiRoleAccessNoteText;
// get @Secured annotation
Optional<Secured> securedAnnotation = context.findAnnotation(Secured.class);
if (!securedAnnotation.isPresent()) {
apiRoleAccessNoteText = "Accessible by all user roles";
} else {
apiRoleAccessNoteText = "Accessible by users having one of the following roles: ";
Secured secure = securedAnnotation.get();
for (String role : secure.value()) {
// add the roles to the notes. Use Markdown notation to create a list
apiRoleAccessNoteText = apiRoleAccessNoteText + "\n * " + String.join("\n * ", role);
}
}
// add the note text to the Swagger UI
context.operationBuilder().notes(descriptions.resolve(apiRoleAccessNoteText));
} catch (Exception e) {
logger.error("Error when creating swagger documentation for security roles: " + e);
}
}
@Override
public boolean supports(DocumentationType delimiter) {
return SwaggerPluginSupport.pluginDoesApply(delimiter);
}
}
答案 1 :(得分:0)
如果您需要显示所有终结点的角色,则无需在上方创建“ Custome Annotations”和所有这些角色。
只需创建“ OperationNotesResourcesReader”类即可。
样品控制器类:
@PostMapping("/api/user")
@ResponseStatus(HttpStatus.CREATED)
@PreAuthorize(value = "hasAuthority('" + ROOT_ORG_ADMIN + "')")
@ApiOperation("Create new Organisation")
@Authorization(value = ROOT_ORG_ADMIN)
public ResponseEntity<APIResponse<Data>> create(@Valid @RequestBody OrganisationCreateRequest createRequest, BindingResult bindingResult, HttpServletRequest request) {
RequestContext requestContext = wiseconnectSecurityContextProvider.getRequestContext();
LOGGER.debug("Create Organisation request received");
if (bindingResult.hasErrors()) {
LOGGER.error(INPUT_VALIDATION_ERROR);
throw new ControllerException(bindingResult, INPUT_VALIDATION_ERROR);
}
OrganisationView organisationView = organisationService.createOrganisation(createRequest, requestContext);
LOGGER.debug("Created Organisation {} successfully", organisationView.getId());
APIResponse<Data> apiResponse = new APIResponse<>(CREATE_SUCCESS, "Organisation Created", new Data(organisationView.getId()));
return new ResponseEntity<>(apiResponse, HttpStatus.CREATED);
}
然后按如下所示创建“ OperationNotesResourcesReader”类
@Component
@Order(SwaggerPluginSupport.SWAGGER_PLUGIN_ORDER)
@Slf4j // or LOGGER
public class OperationNotesResourcesReader implements springfox.documentation.spi.service.OperationBuilderPlugin {
private final DescriptionResolver descriptions;
@Autowired
public OperationNotesResourcesReader(DescriptionResolver descriptions) {
this.descriptions = descriptions;
}
@Override
public void apply(OperationContext context) {
try {
String apiRoleAccessNoteText = "Endpoint Access Privilieges & Ruels : Nil";
Optional<PreAuthorize> preAuthorizeAnnotation = context.findAnnotation(PreAuthorize.class);
if (preAuthorizeAnnotation.isPresent()) {
apiRoleAccessNoteText = "Endpoint Access Privilieges & Ruels : " + preAuthorizeAnnotation.get().value();
}
// add the note text to the Swagger UI
context.operationBuilder().notes(descriptions.resolve(apiRoleAccessNoteText));
} catch (Exception e) {
LOGGER.error("Error when creating swagger documentation for security roles: " + e);
}
}
@Override
public boolean supports(DocumentationType delimiter) {
return SwaggerPluginSupport.pluginDoesApply(delimiter);
}
}
答案 2 :(得分:0)
如果您需要保留通过注释添加的现有注释并将@Authorisation值添加在一起,请执行以下操作。
@ApiOperation(value = "Create new Organisation", notes = "Notes added through annotation")
@Authorization(value = ROOT_ORG_ADMIN)
按如下所示创建“ OperationNotesResourcesReader”类
@Component
@Order(SwaggerPluginSupport.SWAGGER_PLUGIN_ORDER + 1)
@Slf4j
public class OperationNotesResourcesReader implements OperationBuilderPlugin {
private final DescriptionResolver descriptions;
@Autowired
public OperationNotesResourcesReader(DescriptionResolver descriptions) {
this.descriptions = descriptions;
}
@Override
public void apply(OperationContext context) {
try {
Optional<ApiOperation> annotation = context.findAnnotation(ApiOperation.class);
String notes = (annotation.isPresent() && StringUtils.hasText(annotation.get().notes())) ? (annotation.get().notes()) : "";
String apiRoleAccessNoteText = "<b>Access Privilieges & Ruels : </b> Nil";
Optional<PreAuthorize> preAuthorizeAnnotation = context.findAnnotation(PreAuthorize.class);
if (preAuthorizeAnnotation.isPresent()) {
apiRoleAccessNoteText = "<b>Access Privilieges & Ruels : </b>" + preAuthorizeAnnotation.get().value();
}
notes = apiRoleAccessNoteText + " \n\n " + notes;
// add the note text to the Swagger UI
context.operationBuilder().notes(descriptions.resolve(notes));
} catch (Exception e) {
LOGGER.error("Error when creating swagger documentation for security roles: " + e);
}
}
@Override
public boolean supports(DocumentationType delimiter) {
return SwaggerPluginSupport.pluginDoesApply(delimiter);
}
}
请注意以下更改
@Order(SwaggerPluginSupport.SWAGGER_PLUGIN_ORDER + 1)
notes = apiRoleAccessNoteText + " \n\n " + notes;
// add the note text to the Swagger UI
context.operationBuilder().notes(descriptions.resolve(notes));
答案 3 :(得分:0)
这是我的个人版本,从@Unni版本开始,我只是用html标记玩了一点。
@Component
@Order(SwaggerPluginSupport.SWAGGER_PLUGIN_ORDER + 1)
public class OperationNotesResourcesReader implements OperationBuilderPlugin {
private static final Logger LOG = Logger.getLogger(OperationNotesResourcesReader.class.getName());
private final DescriptionResolver descriptions;
@Autowired
public OperationNotesResourcesReader(DescriptionResolver descriptions) {
this.descriptions = descriptions;
}
@Override
public void apply(OperationContext context) {
try {
StringBuilder sb = new StringBuilder();
// Check authorization
Optional<PreAuthorize> preAuthorizeAnnotation = context.findAnnotation(PreAuthorize.class);
sb.append("<b>Access Privileges & Rules</b>: ");
if (preAuthorizeAnnotation.isPresent()) {
sb.append("<em>" + preAuthorizeAnnotation.get().value() + "</em>");
} else {
sb.append("<em>NOT_FOUND</em>");
}
// Check notes
Optional<ApiOperation> annotation = context.findAnnotation(ApiOperation.class);
if (annotation.isPresent() && StringUtils.hasText(annotation.get().notes())) {
sb.append("<br /><br />");
sb.append(annotation.get().notes());
}
// Add the note text to the Swagger UI
context.operationBuilder().notes(descriptions.resolve(sb.toString()));
} catch (Exception e) {
LOG.log(Level.SEVERE, "Error when creating swagger documentation for security roles: ", e);
}
}
@Override
public boolean supports(DocumentationType delimiter) {
return SwaggerPluginSupport.pluginDoesApply(delimiter);
}
}
这是最终的渲染图:
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?