Knowledge changes fate, coding makes me happy; how is your hairline in 2019? The source code for this article is in the Gitee repository gitee.com/minbox-proj… Your Star is my biggest motivation.
Preface
Swagger2, an outstanding member of the family of intrusive documentation tools, supports online debugging of interfaces that require authentication. When we call an interface protected by OAuth2, we must send a valid AccessToken as the Authorization value in the request header before we are allowed access. So how do we set the AccessToken value when debugging online with Swagger?
ApiBoot links required for this article:
- ApiBoot website
- ApiBoot full component series of articles
- ApiBoot Gitee source repository (contributors welcome)
- ApiBoot GitHub source repository (contributors welcome)
Creating a sample project
In the previous article, “Using Swagger2 as a document to Describe your interface information”, we used Swagger2 to describe interfaces and provide visual online interface documentation. The main purpose of this chapter is to integrate OAuth2 into the online debugging of those interfaces. We copied the interface tested in the previous chapter, UserController, into this one for testing purposes. The pom.xml dependencies of this chapter's project are as follows:
```xml
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.minbox.framework</groupId>
        <artifactId>api-boot-starter-swagger</artifactId>
    </dependency>
    <dependency>
        <groupId>org.minbox.framework</groupId>
        <artifactId>api-boot-starter-security-oauth-jwt</artifactId>
    </dependency>
</dependencies>
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.minbox.framework</groupId>
            <artifactId>api-boot-dependencies</artifactId>
            <version>2.2.1.RELEASE</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
```
If you’ve seen ApiBoot Security and ApiBoot OAuth, you know that Spring Security can be integrated with OAuth2 through a few simple lines of configuration in the application.yml file.
Series of articles on using the ApiBoot Security and ApiBoot OAuth components: blog.yuqiyu.com/apiboot-all…
If you want to learn more about the ApiBoot security components, follow the article index link above.
Enable ApiBoot Swagger
The @EnableApiBootSwagger annotation enables the ApiBoot Swagger features. The XxxApplication entry class is configured as follows:
```java
@SpringBootApplication
@EnableApiBootSwagger
public class ApibootSwaggerIntegratedOauthApplication {

    public static void main(String[] args) {
        SpringApplication.run(ApibootSwaggerIntegratedOauthApplication.class, args);
    }
}
```
Configure ApiBoot Security
When using grant_type=password to obtain an AccessToken, we need to pass the user's username and password. With the default in-memory configuration, we only need to add the following to application.yml:
```yaml
api:
  boot:
    security:
      # Configure the security user list
      users:
        - username: yuqiyu
          password: 123123
      # Resource protection path prefix, default is /api/**
      auth-prefix: /**
```
Configure ApiBoot OAuth
OAuth2 also needs a list of clients. With the default in-memory mode, configure the client's client-id and client-secret by adding the following to application.yml:
```yaml
api:
  boot:
    oauth:
      # Configure the OAuth client list
      clients:
        - clientId: minbox
          clientSecret: chapter
```
Understanding how static resources are excluded from interception
The Swagger2 visual interface consists of many static resources, such as JS, CSS and images. Once Spring Security is integrated, these resources can be loaded only if they are exempt from permission checks. With a traditional Spring Security integration, these paths have to be ignored explicitly through WebSecurity. ApiBoot Security excludes the static resource files for Swagger.
Run the test
Start this chapter's project as an Application, then open the Swagger visual interface at: http://localhost:8080/swagger-ui.html
Get AccessToken
Use curl to request a token for the user yuqiyu, as shown below:
```bash
➜ ~ curl -X POST minbox:chapter@localhost:8080/oauth/token -d 'grant_type=password&username=yuqiyu&password=123123'
{"access_token":"304676a4-b9a6-4c4d-af40-e439b934aba8","token_type":"bearer","refresh_token":"ee2b5744-6947-4677-862e-fcf9517afca5","expires_in":7199,"scope":"api"}
```
Swagger online debugging
We combine the token type with the obtained AccessToken, giving Bearer 304676a4-b9a6-4c4d-af40-e439b934aba8, and enter that string in the Swagger interface as shown below:
Click Authorize button after input.
Key points
Swagger's online debugging is really a simulated request sent from the page: it assembles the parameters entered in the interface and sends them to the path of the interface under test. The AccessToken set in the figure above is only stored temporarily. It is lost when the page is refreshed, and while it is set it is automatically appended to the request header list whenever a request is sent.
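The behaviour described above, modelled in a few lines of JavaScript. This is an added example, not Swagger UI's own code and not part of the original article; `DebugSession`, `toAuthorizationValue` and `secondsLeft` are hypothetical names, and the token response is the sample from the curl output earlier in this article.

```javascript
// Model of the flow described above; not Swagger UI's actual source.
// Sample token response, taken from the curl output in this article.
const SAMPLE_TOKEN_RESPONSE = JSON.stringify({
  access_token: '304676a4-b9a6-4c4d-af40-e439b934aba8',
  token_type: 'bearer',
  refresh_token: 'ee2b5744-6947-4677-862e-fcf9517afca5',
  expires_in: 7199,
  scope: 'api',
});

// Build the value that is typed into the Authorize dialog.
function toAuthorizationValue(tokenResponseJson) {
  const body = JSON.parse(tokenResponseJson);
  if (String(body.token_type).toLowerCase() !== 'bearer' || !body.access_token) {
    throw new Error('not a bearer token response');
  }
  return `Bearer ${body.access_token}`;
}

// Holds the header value in memory only, so a new instance (a page refresh) starts empty.
class DebugSession {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.authorization = null;
    this.expiresAt = 0;
  }

  authorize(tokenResponseJson) {
    this.authorization = toAuthorizationValue(tokenResponseJson);
    this.expiresAt = this.now() + JSON.parse(tokenResponseJson).expires_in * 1000;
  }

  // Added helper (hypothetical): seconds until the token reaches its expires_in limit.
  secondsLeft() {
    return Math.max(0, Math.floor((this.expiresAt - this.now()) / 1000));
  }

  // Assemble the request sent for one operation: parameters plus the stored header.
  buildRequest(method, path, query = {}) {
    const qs = new URLSearchParams(query).toString();
    const headers = { Accept: 'application/json' };
    if (this.authorization) headers.Authorization = this.authorization;
    return { method, url: `http://localhost:8080${path}${qs ? `?${qs}` : ''}`, headers };
  }
}
```

A session that has not called `authorize()`, which is the state after a page refresh, builds requests with no `Authorization` header at all, so the token has to be entered again before debugging a protected interface.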
Code sample
If you like this article, please Star the source repository, thanks!! The sample source code for this article can be found in the directory apiboot-swagger-integrated-oauth:
- Gitee:gitee.com/minbox-proj…