Header security authentication

1. OAS_30 style

Default access URL: http://localhost:8080/swagger-ui/index.html

1.1 pom dependencies

    <!-- Springfox starter for the OAS_30 setup. The version is read from a pom property:
         the name inside ${...} must match the <properties> entry character for character
         (it is spelled "verion" here). -->
    <dependency>
      <groupId>io.springfox</groupId>
      <artifactId>springfox-boot-starter</artifactId>
      <version>${springfox.verion}</version>
    </dependency>

1.2 the resources

application.yml

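# Settings for two Swagger documentation groups, "front" and "back".
spring:
  swagger:
    front:
      groupName: The front desk management
      # Package whose controllers are scanned for this group
      basePackage: com.ecommerce.onion.application
      title: Order Management AI
      description: Process of order processing (security verification) using domain driven development approach
      contactName: luds
      contactUrl: https://juejin.cn/user/4327332666152279
      contactEmail:
      version: 1.0.0
      # Switches the documentation for this group on. Keep true only for local/dev/test
      # and override it to false in the configuration used for production.
      enable: true
    back:
      groupName: Background management
      basePackage: com.ecommerce.onion.application
      title: Order Management API
      description: Use domain - driven development to process orders
      contactName: luds
      contactUrl: https://juejin.cn/user/4327332666152279
      contactEmail:
      version: 1.0.0
      # Same switch for the back group; override to false for production as well.
      enable: true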


1.3 SwaggerProperties.java

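/**
 * Swagger configuration properties, bound from the {@code spring.swagger} prefix.
 */
@ConfigurationProperties(prefix = "spring.swagger")
@Data
public class SwaggerProperties {
	/** Settings for the front API group ({@code spring.swagger.front}). */
	private SwaggerEntity front;
	/** Settings for the back API group ({@code spring.swagger.back}). */
	private SwaggerEntity back;

	/** Settings of one documentation group; each field maps to the key of the same name. */
	@Data
	public static class SwaggerEntity {
		private String groupName;
		private String basePackage;
		private String title;
		private String description;
		private String contactName;
		private String contactEmail;
		private String contactUrl;
		private String version;
		/**
		 * Whether documentation for this group is generated. This is a wrapper type, so it
		 * stays {@code null} when nothing assigns it; readers should treat {@code null} as
		 * "disabled" rather than unboxing it directly.
		 */
		private Boolean enable;
	}
}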

1.4 SwaggerConfig.java

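/**
 * Springfox (OAS 3.0) configuration that publishes two documentation groups, "front" and
 * "back", driven by {@link SwaggerProperties}.
 *
 * <p>The security scheme and context declared here only tell Swagger UI which header to
 * attach to "Try it out" requests. They do not make the application validate that header;
 * the token check itself has to be enforced by the application's own authentication layer.
 */
@EnableOpenApi
@Configuration
@EnableConfigurationProperties(value = {SwaggerProperties.class})
public class SwaggerConfig {
	/** Name under which the token scheme is registered and referenced. */
	private static final String TOKEN_SCHEME = "BASE_TOKEN";

	/** Bound {@code spring.swagger.*} settings. */
	@Autowired
	private SwaggerProperties properties;

	/**
	 * Documentation group for the front API.
	 *
	 * @return the Docket for the front group, with the {@code platform} header parameter
	 *         and the token security scheme attached
	 */
	@Bean
	public Docket frontApi() {
		SwaggerProperties.SwaggerEntity front = properties.getFront();
		RequestParameter parameter = new RequestParameterBuilder()
				.name("platform")
				.description("Request header")
				.in(ParameterType.HEADER)
				.required(true)
				.build();
		List<RequestParameter> parameters = Collections.singletonList(parameter);
		return new Docket(DocumentationType.OAS_30)
				// Fail closed: a missing or null "enable" leaves the documentation off
				// instead of throwing on unboxing.
				.enable(Boolean.TRUE.equals(front.getEnable()))
				.groupName(front.getGroupName())
				.apiInfo(frontApiInfo())
				// The original built this list but never registered it, so the header
				// never appeared in the generated documentation.
				.globalRequestParameters(parameters)
				.select()
				// Package to scan for controllers
				.apis(RequestHandlerSelectors.basePackage(front.getBasePackage()))
				.paths(PathSelectors.any())
				.build()
				.securitySchemes(securitySchemes())
				.securityContexts(securityContexts());
	}

	/**
	 * Declares the API-key scheme: a request header named {@code token}.
	 *
	 * @return a single-element list holding the scheme
	 */
	private List<SecurityScheme> securitySchemes() {
		ApiKey apiKey = new ApiKey(TOKEN_SCHEME, "token", In.HEADER.toValue());
		return Collections.singletonList(apiKey);
	}

	/**
	 * Applies the token scheme globally. No operation or path selector is set on the
	 * context, so the reference is not narrowed to particular endpoints here.
	 *
	 * @return a single-element list holding the security context
	 */
	private List<SecurityContext> securityContexts() {
		AuthorizationScope[] scopes = {new AuthorizationScope("global", "")};
		SecurityReference reference = new SecurityReference(TOKEN_SCHEME, scopes);
		return Collections.singletonList(
				SecurityContext.builder()
						.securityReferences(Collections.singletonList(reference))
						.build()
		);
	}

	/**
	 * Title, description, version and contact shown for the front group.
	 *
	 * @return the front group's API info
	 */
	private ApiInfo frontApiInfo() {
		SwaggerProperties.SwaggerEntity front = properties.getFront();
		return new ApiInfoBuilder()
				.title(front.getTitle())
				.description(front.getDescription())
				.version(front.getVersion())
				// Developer contact details
				.contact(new Contact(front.getContactName(), front.getContactUrl(),
						front.getContactEmail()))
				.build();
	}

	/**
	 * Documentation group for the back API.
	 *
	 * <p>NOTE(review): unlike the front group, no security scheme or context is attached
	 * here, so Swagger UI will not offer to send the token for this group. Confirm that
	 * this is intended.
	 *
	 * @return the Docket for the back group
	 */
	@Bean
	public Docket backApi() {
		SwaggerProperties.SwaggerEntity back = properties.getBack();
		return new Docket(DocumentationType.OAS_30)
				// Fail closed, as for the front group.
				.enable(Boolean.TRUE.equals(back.getEnable()))
				// Read from configuration like the front group, instead of a hard-coded name.
				.groupName(back.getGroupName())
				.apiInfo(backApiInfo())
				.select()
				.apis(RequestHandlerSelectors.basePackage(back.getBasePackage()))
				.paths(PathSelectors.any())
				.build();
	}

	/**
	 * Title, description, version and contact shown for the back group.
	 *
	 * @return the back group's API info
	 */
	private ApiInfo backApiInfo() {
		SwaggerProperties.SwaggerEntity back = properties.getBack();
		return new ApiInfoBuilder()
				.title(back.getTitle())
				.description(back.getDescription())
				.version(back.getVersion())
				// Developer contact details
				.contact(new Contact(back.getContactName(), back.getContactUrl(),
						back.getContactEmail()))
				.build();
	}
}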

2. Swagger2 Style (old version)

Default access URL: http://localhost:8080/swagger-ui/index.html

Or http://localhost:8080/doc.html#

2.1 pom dependencies

    <!-- Swagger2 (older) setup: the Springfox core library, its bundled UI, and the
         swagger-bootstrap-ui skin (presumably what serves /doc.html; confirm).
         NOTE(review): these are the versions pinned by the article; check for a
         maintained release before adopting them. -->
    <dependency>
      <groupId>io.springfox</groupId>
      <artifactId>springfox-swagger2</artifactId>
      <version>2.7.0</version>
    </dependency>
    <dependency>
      <groupId>io.springfox</groupId>
      <artifactId>springfox-swagger-ui</artifactId>
      <version>2.7.0</version>
    </dependency>
    <dependency>
      <groupId>com.github.xiaoymin</groupId>
      <artifactId>swagger-bootstrap-ui</artifactId>
      <version>1.9.6</version>
    </dependency>

2.2 SwaggerConfig.java

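/**
 * Springfox Swagger2 configuration that documents two request headers,
 * {@code Authorization} and {@code userName}, as API-key security schemes.
 *
 * <p>These declarations only make Swagger UI offer the headers and attach them to requests;
 * they do not authenticate anything on the server.
 *
 * <p>NOTE(review): this class has no enable switch or profile guard, so the documentation
 * is published wherever the class is loaded. Restrict it for production deployments.
 */
@Configuration
@EnableSwagger2
public class SwaggerConfig {
    /**
     * Builds the single documentation group for the application package.
     *
     * @return the Docket with both header schemes and the global security context attached
     */
    @Bean
    public Docket docket() {
        return new Docket(DocumentationType.SWAGGER_2)
                    .apiInfo(apiInfo())
                    .securityContexts(Arrays.asList(securityContext()))
                    .securitySchemes(Arrays.asList(apiKey(), apiKeyUserName()))
                    .select()
                    .apis(RequestHandlerSelectors.basePackage("com.ecommerce.onion.application"))
                    .paths(PathSelectors.any())
                    .build();
    }

    /**
     * Title, description and version shown in the UI.
     *
     * @return the API info with placeholder values
     */
    private ApiInfo apiInfo() {
        return new ApiInfoBuilder()
                   .title("title")
                   .description("test")
                   .version("0.0.1")
                   .build();
    }

    /**
     * Declares a {@code userName} request header as an API-key scheme.
     *
     * <p>NOTE(review): a user name sent by the client in a header is not proof of identity.
     * How the server uses it is not shown here; the identity should come from the verified
     * {@code Authorization} value, not from this header.
     *
     * @return the scheme for the {@code userName} header
     */
    private ApiKey apiKeyUserName() {
        return new ApiKey("userName", "userName", "header");
    }

    /**
     * Declares the {@code Authorization} request header as an API-key scheme.
     *
     * @return the scheme for the {@code Authorization} header
     */
    private ApiKey apiKey() {
        return new ApiKey("Authorization", "Authorization", "header");
    }

    /**
     * Security context that references both schemes; no path selector is set on it here.
     *
     * @return the security context
     */
    private SecurityContext securityContext() {
        return SecurityContext.builder().securityReferences(defaultAuth()).build();
    }

    /**
     * References to both header schemes, each with one "global" scope.
     *
     * @return references for {@code Authorization} and {@code userName}
     */
    private List<SecurityReference> defaultAuth() {
        AuthorizationScope[] authorizationScopes = {
            new AuthorizationScope("global", "accessEverything")
        };
        return Arrays.asList(
                new SecurityReference("Authorization", authorizationScopes),
                new SecurityReference("userName", authorizationScopes));
    }
}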

3. How to meet the requirement that Swagger is disabled in the online (production) environment, and the different results of each approach

3.1 Dialog Box Style Swagger2

  • @Profile({"dev","test"})
  • @ConditionalOnProperty(prefix = "swagger2", value = {"enable"}, havingValue = "true")

Note: with this approach, an error message is reported on the backend.

3.2 error page

  • Docket(DocumentationType.OAS_30).enable(false)

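Note: with this approach the backend stays quiet and no error message is reported. With either approach, confirm in the deployed environment that the Swagger UI and API-docs URLs no longer return the API description.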