Spring Boot API的大头UI:如何在请求正文中添加“受众群体”以授权“客户端凭据”流程

时间:2019-04-17 15:14:17

标签: swagger swagger-ui

我已经从我的spring boot API中生成了swagger UI文档,该API使用来自auth0的oauth2客户端凭据授予来保护。

问题是: 在摇摇欲坠的配置中,我无法在授权时设置“受众”请求主体参数。 因此,swagger ui无法验证API。

我正在遵循此文档: https://www.baeldung.com/swagger-2-documentation-for-spring-rest-api

pom.xml:

    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger-ui</artifactId>
        <version>2.9.2</version>  
    </dependency>

    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger2</artifactId>
        <version>2.9.2</version> 
    </dependency>

SwaggerConfig.Java:

    @Configuration
    @EnableSwagger2
    public class SwaggerConfig {                                    


    String token_endpoint = "xxxx";


        @Bean
        public Docket api() {                
            return new Docket(DocumentationType.SWAGGER_2)          
              .select()                                       
              .apis(RequestHandlerSelectors.basePackage("xxxx.controller"))
              .paths(PathSelectors.any())                     
              .build()
              .apiInfo(apiInfo())
              .useDefaultResponseMessages(false)
              .securitySchemes(Arrays.asList(securityScheme()))
              .securityContexts(Arrays.asList(securityContext()));
        }




        private ApiInfo apiInfo() {
            return new ApiInfo(
              "xxxx API", 
              "Some description of API.", 
              "xxxx", 
              "Terms of service", 
              new Contact("xx", "xxxx", "xxxx"), 
              "License of API", "xxxx", Collections.emptyList());
        } 



        public void addResourceHandlers(ResourceHandlerRegistry registry) {
            registry.addResourceHandler("swagger-ui.html")
              .addResourceLocations("classpath:/META-INF/resources/");

            registry.addResourceHandler("/webjars/**")
              .addResourceLocations("classpath:/META-INF/resources/webjars/");
        }

       @Bean
        public SecurityConfiguration security() {


            return SecurityConfigurationBuilder.builder()
                .appName("xxxx")
                .clientId("")
                .clientSecret("")
                .build();

        }

        private SecurityScheme securityScheme() {
            GrantType grantType = new ClientCredentialsGrant(token_endpoint);
            SecurityScheme oauth = new OAuthBuilder().name("spring_oauth")
                .grantTypes(Arrays.asList(grantType))
                .build();
            return oauth;
        }



        private SecurityContext securityContext() {
            return SecurityContext.builder()
              .forPaths(PathSelectors.any())
              .build();
        }  



    }

响应为“ 403禁止”,这是因为在授权过程中,我无法在请求正文中提供“受众群体”:

“ error_description”:“不允许非全局客户端访问APIv1”

authorization in swagger ui for "application/client credentials grant type

0 个答案:

没有答案