我确实使用Application子类和beanConfig对象配置了swagger,我的securityDefinition必须允许swagger ui显示de api_key字段以允许对我的所有服务层进行身份验证。
BeanConfig beanConfig = new BeanConfig();
beanConfig.setSchemes(new String[] { "http" });
beanConfig.setHost("192.168.4.9:8080");
beanConfig.setBasePath("/cjppa/rest");
beanConfig.setResourcePackage("com.cjppa.fpuna.backend.resources");
beanConfig.setScan(true);
beanConfig.setPrettyPrint(true);
io.swagger.models.Info info = new io.swagger.models.Info();
io.swagger.models.Contact contact = new io.swagger.models.Contact();
info.setVersion("1.0");
beanConfig.setInfo(info);
io.swagger.models.auth.ApiKeyAuthDefinition apikey = new
io.swagger.models.auth.ApiKeyAuthDefinition();
apikey.setName("x-token");
apikey.setIn(In.HEADER);
Swagger swagger = new Swagger().info(info);
swagger.securityDefinition("api_key", apikey);
beanConfig.configure(swagger);
预期的api_key出现在" x-token" http标题
答案 0 :(得分:0)
你可以在afterScan方法中实现io.swagger.jaxrs.config.ReaderListener,addSecurity。例如:
@SwaggerDefinition(securityDefinition = @SecurityDefinition(apiKeyAuthDefinitions = {
@ApiKeyAuthDefinition(in = ApiKeyAuthDefinition.ApiKeyLocation.HEADER, key = "token", name = "E-token"),
@ApiKeyAuthDefinition(in = ApiKeyAuthDefinition.ApiKeyLocation.HEADER, key = "userId", name = "E-userId"),
@ApiKeyAuthDefinition(in = ApiKeyAuthDefinition.ApiKeyLocation.HEADER, key = "corpId", name = "E-corpId") }) )
public class SwaggerCustomizeDefinition implements ReaderListener {
@Override
public void beforeScan(Reader reader, Swagger swagger) {
}
@Override
public void afterScan(Reader reader, Swagger swagger) {
swagger.addSecurity(new SecurityRequirement().requirement("token"));
swagger.addSecurity(new SecurityRequirement().requirement("userId"));
swagger.addSecurity(new SecurityRequirement().requirement("corpId"));
}
}
答案 1 :(得分:0)
我还试图通过使用BasicAuthentification为我的webservice的某些操作带来招摇我的resteasy webservice。我在我的pom.xml中通过maven导入了swagger:
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-jaxrs</artifactId>
<version>1.5.18</version>
</dependency>
在我的Application类中,我配置了BeanConfig:
import javax.ws.rs.ApplicationPath;
import io.swagger.jaxrs.config.BeanConfig;
@ApplicationPath("/rest")
public class Application extends javax.ws.rs.core.Application{
public Application() {
BeanConfig beanConfig = new BeanConfig();
beanConfig.setVersion("1.0");
beanConfig.setResourcePackage("de.mycompany.topic.ws");
beanConfig.setBasePath("/de.mycompany.topic.ws/rest/");
beanConfig.setScan(true);
}
}
重要的是通过Annotations在ReaderListener实现中配置BasicAuthentification。 basicAuth是一个任意名称。
import io.swagger.annotations.BasicAuthDefinition;
import io.swagger.annotations.SecurityDefinition;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.jaxrs.Reader;
import io.swagger.jaxrs.config.ReaderListener;
import io.swagger.models.Swagger;
@SwaggerDefinition(securityDefinition = @SecurityDefinition(basicAuthDefinitions = {
@BasicAuthDefinition(key = "basicAuth")
}) )
public class SwaggerCustomizeDefinition implements ReaderListener {
@Override
public void beforeScan(Reader reader, Swagger swagger) {
}
@Override
public void afterScan(Reader reader, Swagger swagger) {
}
}
在MyRestService中,我注释了在没有基本身份验证的情况下应该无法使用的操作。见这里,例如为了节省客户:
@Api
@Path("/")
public class MyRestService {
private final static String UTF8 = ";charset=UTF-8";
@POST
@Path("/customer")
@Produces(MediaType.APPLICATION_JSON + UTF8)
@ApiOperation(
value = "Saves customer specified in the body",
notes = "note that appears in swagger ui",
authorizations = {
@Authorization(value = "basicAuth", scopes={})
})
@ApiResponses(value = {
@ApiResponse(code = 201, message = "customer created"),
@ApiResponse(code = 401, message = "Unauthorized"),
@ApiResponse(code = 404, message = "customer format not supported"),
})
public Response saveCustomer(
String content,
@BasicAuthDefinition(key = "basicAuth") @HeaderParam("Authorization") String authorization) {
// authorization
try {
if (!MyManager.isAuthorized(authorization)) {
return Response.status(Status.UNAUTHORIZED).build();
}
} catch (Exception e) {
return Response.status(Status.INTERNAL_SERVER_ERROR).build();
}
//do the work, authorization was ok
}
}
那就是它。我尝试了很多变化,这是唯一一个对我有用的变体。我的主要问题是,授权按钮没有出现在ui中,并且swagger ui中单个方法上方的锁不可点击,因此不会出现基本的身份验证模式对话框。通过这种实现,它可以工作。