Spring Boot 集成 Swagger2 與配置 OAuth2.0 受權

Spring Boot 集成 Swagger2 很簡單,因爲接口採用了OAuth2.0 & JWT 協議作了安全驗證,使用過程當中也遇到了不少小的問題,屢次嘗試下述配置能夠正常使用。html

Maven git

        <!-- swagger2 -->
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-swagger2</artifactId>
            <version>2.8.0</version>
        </dependency>
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-swagger-ui</artifactId>
            <version>2.8.0</version>
        </dependency>
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-bean-validators</artifactId>
            <version>2.8.0</version>
        </dependency>
Swagger2Configuration
 
 
 
 
 
@Configuration
@EnableSwagger2
public class Swagger2Configuration {

   // @Value("${config.oauth2.accessTokenUri}")
    private String accessTokenUri ="http://localhost:8080/oauth/token";

    private ApiInfo apiInfo() {
        return new ApiInfoBuilder()
                .title("API 接口服務")
                .description("API 接口服務")
                .termsOfServiceUrl("http://www.cnblogs.com/irving")
                .version("v1")
                .license("Apache License Version 2.0")
                .licenseUrl("https://www.apache.org/licenses/LICENSE-2.0")
                .contact(new Contact("irving","http://www.cnblogs.com/irving","zhouyongtao@outlook.com"))
                .build();
    }

    @Bean
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)
                .apiInfo(apiInfo())
                .select()
                .apis(RequestHandlerSelectors.basePackage("com.holiday.sunweb.controller"))
                //.apis(RequestHandlerSelectors.withClassAnnotation(Api.class))
                .paths(PathSelectors.any())
                .build()
                .securityContexts(Collections.singletonList(securityContext()))
                .securitySchemes(Arrays.asList(securitySchema(), apiKey(), apiCookieKey()));
//                .globalOperationParameters(
//                        newArrayList(new ParameterBuilder()
//                                .name("access_token")
//                                .description("AccessToken")
//                                .modelRef(new ModelRef("string"))
//                                .parameterType("query")
//                                .required(true)
//                                .build()));
    }

    @Bean
    public SecurityScheme apiKey() {
        return new ApiKey(HttpHeaders.AUTHORIZATION, "apiKey", "header");
    }

    @Bean
    public SecurityScheme apiCookieKey() {
        return new ApiKey(HttpHeaders.COOKIE, "apiKey", "cookie");
    }

    private OAuth securitySchema() {

        List<AuthorizationScope> authorizationScopeList = newArrayList();
        authorizationScopeList.add(new AuthorizationScope("read", "read all"));
        authorizationScopeList.add(new AuthorizationScope("write", "access all"));
        List<GrantType> grantTypes = newArrayList();
        GrantType passwordCredentialsGrant = new ResourceOwnerPasswordCredentialsGrant(accessTokenUri);
        grantTypes.add(passwordCredentialsGrant);

        return new OAuth("oauth2", authorizationScopeList, grantTypes);
    }

    private SecurityContext securityContext() {
        return SecurityContext.builder().securityReferences(defaultAuth())
                .build();
    }

    private List<SecurityReference> defaultAuth() {

        final AuthorizationScope[] authorizationScopes = new AuthorizationScope[3];
        authorizationScopes[0] = new AuthorizationScope("read", "read all");
        authorizationScopes[1] = new AuthorizationScope("trust", "trust all");
        authorizationScopes[2] = new AuthorizationScope("write", "write all");

        return Collections.singletonList(new SecurityReference("oauth2", authorizationScopes));
    }

//    @Bean
//    public SecurityConfiguration security() {
//        return new SecurityConfiguration
//                ("client", "secret", "", "", "Bearer access token", ApiKeyVehicle.HEADER, HttpHeaders.AUTHORIZATION,"");
//    }

    @Bean
    SecurityConfiguration security() {
        return SecurityConfigurationBuilder.builder()
                .clientId("client_test")
                .clientSecret("secret_test")
                .realm("test-app-realm")
                .appName("test-app")
                .scopeSeparator(",")
                .additionalQueryStringParams(null)
                .useBasicAuthenticationWithAccessCodeGrant(false)
                .build();
    }

    @Bean
    UiConfiguration uiConfig() {
        return UiConfigurationBuilder.builder()
                .deepLinking(true)
                .displayOperationId(false)
                .defaultModelsExpandDepth(1)
                .defaultModelExpandDepth(1)
                .defaultModelRendering(ModelRendering.EXAMPLE)
                .displayRequestDuration(false)
                .docExpansion(DocExpansion.NONE)
                .filter(false)
                .maxDisplayedTags(null)
                .operationsSorter(OperationsSorter.ALPHA)
                .showExtensions(false)
                .tagsSorter(TagsSorter.ALPHA)
                .validatorUrl(null)
                .build();
    }
}
UserController
 
 
 
 
 
@Api(value = "用戶接口服務", description = "用戶接口服務")
@RestController
@RequestMapping("/api/v1/users")
public class UserController {

    private final Logger logger = LoggerFactory.getLogger(this.getClass());

    @Autowired
    private UserRepository userRepository;

    @ApiOperation(value = "查詢經過 OAuth2.0 受權後獲取的用戶信息", notes = "經過 OAuth2.0 受權後獲取的用戶信息")
    @GetMapping("/principal")
    public Principal principal(Principal principal)
    {
        return principal;
    }


    @ApiOperation(value = "根據用戶名查詢用戶信息", notes = "根據用戶名查詢用戶信息")
    @GetMapping("/{username}")
    public BaseMsg GetUserInfoByUserName(@PathVariable String username) {
        return BaseMsgResponse.success(userRepository.findOneByusername(username));
    }

    @ApiOperation(value = "根據ID刪除一個用戶", notes = "根據ID刪除一個用戶")
    @DeleteMapping("/{id}")
    public BaseMsg getInfoByName(@PathVariable Integer id) {
        userRepository.deleteById(id);
        return BaseMsgResponse.success();
    }
}

最後訪問 http://localhost:8080/swagger-ui.html#/github

image

配置 Resource Owner Password Credentials 模式的 Clientweb

image

Testspring

image

問題:apache

swagger-2.9.1 /csrf is 404 問題 api

A:這個問題在 2.9.x 版本中有(https://github.com/springfox/springfox/issues/2603) ,暫時尚未找到好的解決方案,回退到 2.8.0 版本。安全

配置 ApiKey 後 HTTP 頭 Authorization: Bearer {THE TOKEN} 不生效問題cookie

A:2.7.x 版本沒有問題(https://github.com/springfox/springfox/issues/1812) app

@Bean
    public SecurityScheme apiKey() {
        return new ApiKey(HttpHeaders.AUTHORIZATION, "apiKey", "header");
    }

後面使用了 OAuth2.0 協議在 2.8.0 版本中無問題。

REFER:
https://springfox.github.io/springfox/docs/current/
https://github.com/springfox/springfox
https://github.com/rrohitramsen/spring-boot-oauth2-jwt-swagger-ui

相關文章
相關標籤/搜索