如何配置springfox生成为私有端点中的所有请求添加身份验证标头的招摇工具?

时间:2019-01-28 07:44:02

标签: java spring-security swagger swagger-2.0 springfox

Spring安全配置

@Bean
public SecurityWebFilterChain securityWebFilterChainBean(ServerHttpSecurity httpSecurity) {
    httpSecurity.authorizeExchange()
                .pathMatchers("/v2/api-docs").permitAll()
                .pathMatchers("/configuration/ui").permitAll()
                .pathMatchers("/swagger-resources/**").permitAll()
                .pathMatchers("/configuration/security").permitAll()
                .pathMatchers("/swagger-ui.html").permitAll()
                .pathMatchers("/webjars/**").permitAll()
                .pathMatchers("/v2/**").permitAll()

                .anyExchange().authenticated();
    return httpSecurity.build();
}

其他控制器

@RestController
public class MyController {
    @PostMapping("myPath")
    public MyResponse newLoansOffers(@RequestBody MyRequest request) {
        return new MyResponse();
    }
}

Spring fox配置:

@Bean
public Docket api() {
    Class[] clazz = {AuthenticationPrincipal.class};

    return new Docket(DocumentationType.SWAGGER_2)
            .securitySchemes(Lists.newArrayList(apiKey()))
            .select()
            .paths(PathSelectors.any())
            .build();
}

private ApiKey apiKey() {
    return new ApiKey("xauth", "X-Auth-Token", "header");
}

出了什么问题?

我单击“授权”按钮:

enter image description here

然后输入有效值

enter image description here

但是当我从swagger ui发送myPath请求时,没有X-Auth-Token标头随请求一起传递。 :(

据我了解,springfox不会在摇动生成过程中“考虑” spring安全配置:

  1. 有办法吗?
  2. 如果没有,如何仅使用专用端点的auth标头来进行大张旗鼓的生成?

0 个答案:

没有答案
相关问题
最新问题