Geek Answers Handbook

Configure security schemes and contexts in Springfox and Spring MVC

I have simple REST services implemented using Spring MVC. I decided to describe them using Springfox and Swagger 2.0. Everything seemed to be in order until I started adding security schemes and contexts. I use basic HTTP authentication for specific endpoints and token based authentication for others. Whatever I do, I see no way to set the HTTP Basic authentication credentials or specify a token in the Swagger interface. Below is my configuration. For simplicity, I apply both schemes to all endpoints here.

@Configuration
@EnableSwagger2
public class SwaggerConfig {

    @Bean
    public Docket apiV1() {
      return new Docket(DocumentationType.SWAGGER_2)
        .select()
        .apis(RequestHandlerSelectors.any())
        .paths(PathSelectors.any())
        .build()
      .pathMapping("/api/v1")
      .securitySchemes(newArrayList(new BasicAuth("xBasic"), 
                                    new ApiKey("X-Auth-Token", "xAuthToken", "header")))
      .securityContexts(newArrayList(xBasicSecurityContext(), xAuthTokenSecurityContext()))
    }

    private SecurityContext xBasicSecurityContext() {
      SecurityContext.builder()
        .securityReferences(newArrayList(new SecurityReference("xBasic", 
                                                               new AuthorizationScope[0])))
        .build()
    }

    private SecurityContext xAuthTokenSecurityContext() {
      SecurityContext.builder()
        .securityReferences(newArrayList(new SecurityReference("xAuthToken", 
                                                               new AuthorizationScope[0])))
        .build()
    }
+6
source share
1

: Docket. API ( ), .

@Configuration
@EnableSwagger2
public class SwaggerConfig {

    @Bean
    public Docket authTokenSecuredApi() {
      return new Docket(DocumentationType.SWAGGER_2)
        .groupName("authTokenGroup") // 2 Dockets -> need to differ using groupName
        .select()
        .apis(RequestHandlerSelectors.basePackage("cz.bank.controller.package1"))
        .paths(PathSelectors.any())
        .build()
        .securitySchemes(Collections.singletonList(new ApiKey("X-Auth-Token", 
                                                              "xAuthToken",
                                                              "header")))
        .securityContexts(Collections.singletonList(xAuthTokenSecurityContext()));
    }

    @Bean
    public Docket basicAuthSecuredApi() {
      return new Docket(DocumentationType.SWAGGER_2)
        .groupName("basicAuthGroup") // 2 Dockets -> need to differ using groupName
        .select()
        .apis(RequestHandlerSelectors.basePackage("cz.bank.controller.package2"))
        .paths(PathSelectors.any())
        .build()
        .securitySchemes(Collections.singletonList(new BasicAuth("xBasic")))
        .securityContexts(Collections.singletonList(xBasicSecurityContext()));
    }

    private SecurityContext xBasicSecurityContext() {
      return SecurityContext.builder()
        .securityReferences(Collections.singletonList(
                              new SecurityReference("xBasic", 
                                                    new AuthorizationScope[0])))
        .build();
    }

    private SecurityContext xAuthTokenSecurityContext() {
      return SecurityContext.builder()
        .securityReferences(Collections.singletonList(
                              new SecurityReference("xAuthToken", 
                                                    new AuthorizationScope[0])))
        .build();
    }
}

, , , authorizations @ApiOperation @Api . "" Springfox, @Api, @ApiOperation , , :-)

+2

More articles:


All Articles