我已经创建了此Oauth2资源服务器:
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
private static final String RESOURCE_ID = "frontoffice-rest-api";
private static final String SECURED_PATTERN = "/**";
private static final String SECURED_READ_SCOPE = "#oauth2.hasScope('read')";
private static final String SECURED_WRITE_SCOPE = "#oauth2.hasScope('write')";
@Override
public void configure(HttpSecurity http) throws Exception {
http.requestMatchers()
.antMatchers(SECURED_PATTERN).and().authorizeRequests()
.antMatchers("/actuator/**").permitAll()
.antMatchers("/userlogin").permitAll()
.antMatchers(
"/v2/api-docs",
"/configuration/ui",
"/swagger-resources",
"/configuration/security",
"/swagger-ui.html",
"/webjars/**",
"/swagger-resources/configuration/ui",
"/swagger-ui.html",
"/swagger-resources/configuration/security"
).permitAll()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.antMatchers(HttpMethod.POST, SECURED_PATTERN).access(SECURED_WRITE_SCOPE)
.anyRequest().access(SECURED_READ_SCOPE);
}
我已经成功使用password_credential
授予类型的邮递员获得了令牌:
我们正在尝试配置springfox-swagger-ui
,以便能够使用oauth2
协议登录。
到目前为止,我们只发布了swagger-ui
,没有安全技能。因此,我们只能看到文档端点,但无法尝试。
public class SwaggerConfig {
@Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.basePackage(DocumentController.class.getPackage().getName()))
.paths(PathSelectors.any())
.build()
.apiInfo(this.getMetaData());
}
我们如何教导springfox-swagger-ui
使用OAuth2 password_credentials
?