如何为SwaggerUI中的每个SecurityScheme提供一个SecurityConfiguration

时间:2018-11-19 20:32:34

标签: spring swagger-ui swagger-2.0

我正在尝试加入多个安全方案,供 Swagger UI 的身份验证部分使用。每个安全方案都需要各自不同的 client-id / client-secret。我找不到一种为它们分别提供不同 client-id / client-secret 的方法,因为所有安全方案都由同一个 SecurityConfiguration 加载这些字段。

我知道,出于安全考虑,在配置中包含 client-id / client-secret 并不明智。这些值仅在我们的开发和 QA 环境中使用,并且只能从我们的内部网络访问。

// Optional dependency: Spring leaves this null when no ClientCredentialsResourceDetails
// bean exists in the environment, so every method that reads it must null-check first.
@Autowired(required = false)
private ClientCredentialsResourceDetails clientCredentials;

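/**
 * Pre-fills the Swagger UI "Authorize" dialog with a client-id / client-secret.
 *
 * <p>{@code SecurityConfiguration} is a single bean, so only one id/secret pair can be
 * pre-filled even when several security schemes are registered on the {@code Docket}.
 * The values are shipped to the browser as part of the UI configuration, so anyone who
 * can load the UI can read them; that is why they are only set in dev/QA environments.
 *
 * @return the UI security configuration, without client credentials when none are wired in
 */
@Bean
public SecurityConfiguration security() {
    SecurityConfigurationBuilder config = SecurityConfigurationBuilder.builder()
        .scopeSeparator(" ")
        .useBasicAuthenticationWithAccessCodeGrant(true);
    // clientCredentials is @Autowired(required = false): guard against null here the same
    // way getAccessTokenUri() does, instead of failing with an NPE at context startup.
    if (clientCredentials != null) {
        config.clientId(clientCredentials.getClientId())
            .clientSecret(clientCredentials.getClientSecret());
    }
    return config.build();
}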

/**
 * Registers the Swagger 2 {@link Docket}: all request handlers are selected, one regex
 * path filter is added per entry of {@code swaggerProperties.getDocumentedEndpoints()},
 * and the single {@link #securityContext()} is attached.
 *
 * @return the configured docket
 */
@Bean
public Docket docket() {
    ApiSelectorBuilder selector = new Docket(DocumentationType.SWAGGER_2)
        .select()
        .apis(RequestHandlerSelectors.any());

    // NOTE(review): check how ApiSelectorBuilder combines repeated paths() calls;
    // if the predicates are AND-ed, only paths matching every regex are documented.
    for (String endpointPattern : swaggerProperties.getDocumentedEndpoints()) {
        selector.paths(PathSelectors.regex(endpointPattern));
    }

    Docket docket = selector.build().apiInfo(apiInfo());
    // Registering the two OAuth schemes is currently disabled:
    // .securitySchemes(Arrays.asList(clientCredentialsSecurityScheme(), passwordSecurityScheme()))
    return docket.securityContexts(Arrays.asList(securityContext()));
}

/**
 * Builds the {@link ApiInfo} header shown in the Swagger UI from {@code swaggerProperties}.
 * Only the developer e-mail is filled in on the contact (name and URL are blank) and no
 * vendor extensions are attached.
 *
 * @return the API metadata block
 */
private ApiInfo apiInfo() {
    String title = swaggerProperties.getApiLongName();
    String description = swaggerProperties.getApiDescription();
    String version = swaggerProperties.getApiVersion();
    String termsOfServiceUrl = swaggerProperties.getTermsOfServiceUrl();
    Contact contact = new Contact("", "", swaggerProperties.getDeveloperEmail());
    String license = swaggerProperties.getLicense();
    String licenseUrl = swaggerProperties.getLicenseUrl();
    return new ApiInfo(title, description, version, termsOfServiceUrl,
        contact, license, licenseUrl, Arrays.asList());
}

/**
 * Token endpoint of the wired-in OAuth2 client.
 *
 * @return the access-token URI, or {@code null} when no client credentials bean is present
 */
private String getAccessTokenUri() {
    return clientCredentials == null ? null : clientCredentials.getAccessTokenUri();
}

/**
 * OAuth2 "client credentials" scheme, registered under the name
 * {@code client_credential_scheme} (the same name {@link #securityContext()} refers to).
 * The token endpoint comes from {@link #getAccessTokenUri()} and is {@code null} when no
 * client is configured; the scopes come from {@link #scopes()}.
 *
 * @return the scheme definition
 */
private SecurityScheme clientCredentialsSecurityScheme() {
    GrantType grant = new ClientCredentialsGrant(getAccessTokenUri());
    return new OAuthBuilder()
        .name("client_credential_scheme")
        .grantTypes(Arrays.asList(grant))
        .scopes(Arrays.asList(scopes()))
        .build();
}

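/**
 * OAuth2 "resource owner password" scheme, registered under the name
 * {@code password_scheme} (the same name {@link #securityContext()} refers to).
 * The token endpoint comes from {@link #getAccessTokenUri()} and is {@code null} when no
 * client is configured.
 *
 * @return the scheme definition
 */
private SecurityScheme passwordSecurityScheme() {
    GrantType grantType = new ResourceOwnerPasswordCredentialsGrant(getAccessTokenUri());
    // Declare scopes the same way clientCredentialsSecurityScheme() does, so both schemes
    // advertise the scope list that securityContext() references for them.
    return new OAuthBuilder()
        .name("password_scheme")
        .grantTypes(Arrays.asList(grantType))
        .scopes(Arrays.asList(scopes()))
        .build();
}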

/**
 * Marks every operation whose path matches {@code /v.*} as secured by both OAuth schemes.
 * This is documentation metadata only: it tells the UI which schemes apply to which
 * operations and does not enforce authentication on the server.
 *
 * @return the security context for the versioned API paths
 */
private SecurityContext securityContext() {
    SecurityReference clientCredentialsRef =
        new SecurityReference("client_credential_scheme", scopes());
    SecurityReference passwordRef = new SecurityReference("password_scheme", scopes());
    return SecurityContext.builder()
        .securityReferences(Arrays.asList(clientCredentialsRef, passwordRef))
        .forPaths(PathSelectors.regex("/v.*"))
        .build();
}

/**
 * Authorization scopes attached to both schemes and their security references.
 * Deliberately empty: no scopes are requested or advertised.
 *
 * @return a new, empty scope array
 */
private AuthorizationScope[] scopes() {
    return new AuthorizationScope[0];
}
