在OpenAPI 3中,是否可以在全局级别定义SecurityScheme,然后在某些终结点覆盖它而不使用安全性(对于公共可访问终结点)?
例如(取自https://swagger.io/docs/specification/authentication/bearer-authentication/)
openapi: 3.0.0
...
# 1) Define the security scheme type (HTTP bearer)
components:
securitySchemes:
bearerAuth: # arbitrary name for the security scheme
type: http
scheme: bearer
bearerFormat: JWT # optional, arbitrary value for documentation purposes
# 2) Apply the security globally to all operations
security:
- bearerAuth: [] # use the same name as above
然后将给定的端点公开(不受保护)
paths:
/unprotected/path:
get:
security: []
还是应该以其他方式完成?
更新,该问题被标记为重复,但另一个问题处理的是Swagger 2.x,并且由于语法不同,我认为此问题和答案应保留。
答案 0 :(得分:0)
您确实可以按以下方式在OA3中基于路径的安全性:
paths:
/unprotected/path:
get:
security: []