我正在尝试包括将由Swagger UI的身份验证部分使用的多个安全方案。每个安全方案都需要具有不同的client-id / client-secret。我无法找出一种提供多个不同的client-id / client-secret的方法,因为单个SecurityConfiguration会为所有这些字段加载。
我知道,出于安全考虑,包含client-id / client-secret是不明智的。这些值仅在我们的开发和质量检查环境中可用,并且仅在我们网络内部可用。
// Optional dependency (required = false): the bean is absent when no OAuth2 client is
// configured, so every use of this field has to tolerate null.
@Autowired(required = false)
private ClientCredentialsResourceDetails clientCredentials;
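/**
 * Builds the OAuth client settings handed to the Swagger UI authentication dialog.
 * <p>
 * Whatever is put in here is delivered to the browser, so the client-secret is visible to
 * anyone who can open the UI; the surrounding text limits this to development / QA
 * environments (gating the bean with a Spring profile would enforce that).
 * <p>
 * The builder carries a single client-id / client-secret pair, so it cannot hold distinct
 * credentials per security scheme.
 *
 * @return the UI security configuration; client-id / client-secret are left unset when no
 *         {@code ClientCredentialsResourceDetails} bean is present
 */
@Bean
public SecurityConfiguration security() {
    SecurityConfigurationBuilder config = SecurityConfigurationBuilder.builder()
        .scopeSeparator(" ")
        // Token request sends client-id/secret as HTTP Basic for the access-code grant.
        .useBasicAuthenticationWithAccessCodeGrant(true);
    // clientCredentials is @Autowired(required = false): guard against the bean being absent,
    // matching the null check in getAccessTokenUri(), instead of failing with an NPE at startup.
    if (clientCredentials != null) {
        config.clientId(clientCredentials.getClientId())
            .clientSecret(clientCredentials.getClientSecret());
    }
    return config.build();
}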
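/**
 * Registers the Swagger 2 {@code Docket}: every request handler, narrowed to the endpoint
 * regexes from {@code swaggerProperties}, with both OAuth schemes and the security context
 * that references them.
 * <p>
 * {@code securitySchemes(...)} is what registers the scheme names the security context refers
 * to ("client_credential_scheme" / "password_scheme"); on the original page that call had
 * been swallowed into the comment, leaving {@link #securityContext()} pointing at schemes the
 * UI never sees.
 *
 * @return the configured docket
 */
@Bean
public Docket docket() {
    ApiSelectorBuilder apiBuilder = new Docket(DocumentationType.SWAGGER_2).select()
        .apis(RequestHandlerSelectors.any());
    // NOTE(review): each paths() call is combined with the previous selector by the builder;
    // confirm whether the springfox version in use ANDs or ORs them before relying on several
    // endpoint regexes producing their union.
    for (String endpoint : swaggerProperties.getDocumentedEndpoints()) {
        apiBuilder.paths(PathSelectors.regex(endpoint));
    }
    return apiBuilder.build()
        .apiInfo(apiInfo())
        // Setup different security schemes
        .securitySchemes(Arrays.asList(clientCredentialsSecurityScheme(), passwordSecurityScheme()))
        .securityContexts(Arrays.asList(securityContext()));
}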
/** Assembles the API metadata shown at the top of the Swagger page from {@code swaggerProperties}. */
private ApiInfo apiInfo() {
    String title = swaggerProperties.getApiLongName();
    String description = swaggerProperties.getApiDescription();
    String version = swaggerProperties.getApiVersion();
    String termsOfServiceUrl = swaggerProperties.getTermsOfServiceUrl();
    // Only the developer e-mail is published; contact name and URL stay blank.
    Contact contact = new Contact("", "", swaggerProperties.getDeveloperEmail());
    return new ApiInfo(title, description, version, termsOfServiceUrl, contact,
        swaggerProperties.getLicense(), swaggerProperties.getLicenseUrl(), Arrays.asList());
}
/**
 * Token endpoint shared by both OAuth grant types.
 *
 * @return the configured access-token URI, or {@code null} when the optional
 *         client-credentials bean is not wired
 */
private String getAccessTokenUri() {
    return clientCredentials == null ? null : clientCredentials.getAccessTokenUri();
}
/** OAuth2 scheme for the client-credentials grant, registered as "client_credential_scheme". */
private SecurityScheme clientCredentialsSecurityScheme() {
    GrantType clientCredentialsGrant = new ClientCredentialsGrant(getAccessTokenUri());
    return new OAuthBuilder()
        .name("client_credential_scheme")
        .grantTypes(Arrays.asList(clientCredentialsGrant))
        // scopes() is currently empty, so no scope is advertised for this scheme.
        .scopes(Arrays.asList(scopes()))
        .build();
}
/**
 * OAuth2 scheme for the resource-owner password grant, registered as "password_scheme".
 * Unlike the client-credentials scheme, no scope list is declared here.
 */
private SecurityScheme passwordSecurityScheme() {
    GrantType passwordGrant = new ResourceOwnerPasswordCredentialsGrant(getAccessTokenUri());
    OAuthBuilder builder = new OAuthBuilder();
    builder.name("password_scheme");
    builder.grantTypes(Arrays.asList(passwordGrant));
    return builder.build();
}
/**
 * Offers both registered schemes on every path matching {@code /v.*}.
 * The reference names must match the names given to the schemes in their builders.
 */
private SecurityContext securityContext() {
    SecurityReference clientCredentialsRef =
        new SecurityReference("client_credential_scheme", scopes());
    SecurityReference passwordRef = new SecurityReference("password_scheme", scopes());
    return SecurityContext.builder()
        .securityReferences(Arrays.asList(clientCredentialsRef, passwordRef))
        .forPaths(PathSelectors.regex("/v.*"))
        .build();
}
/** No scopes are requested: both schemes are referenced with an empty scope array. */
private AuthorizationScope[] scopes() {
    return new AuthorizationScope[0];
}