swagger 怎么给每个接口添加token
为什么我的 swagger 没认证、没给 token 也能访问接口?怎么做全局 token:不管是什么请求,如果没添加 token 就返回 401?
你可以使用Swagger的全局操作过滤器来为每个接口添加token认证。你可以创建一个实现了Swagger的 OperationFilter 接口的类,并在 apply 方法中添加逻辑来检查请求中是否包含了token。如果请求中没有token,你可以设置响应状态码为401。下面是一个示例代码:
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.parameters.HeaderParameter;
import io.swagger.v3.oas.models.parameters.Parameter;
// NOTE(review): OAuthBearerFlow is not used by the class below and may not exist in swagger-models — verify or drop.
import io.swagger.v3.oas.models.security.OAuthBearerFlow;
import io.swagger.v3.oas.models.security.OAuthFlow;
import io.swagger.v3.oas.models.security.OAuthFlows;
import io.swagger.v3.oas.models.security.Scopes;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
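/**
 * Builds the OpenAPI description of a JWT bearer-token scheme and marks it as required,
 * both globally and on a single operation.
 *
 * <p>Everything built here is documentation metadata. It tells Swagger UI which credential
 * to ask for and attach to "try it out" requests; it does not inspect incoming requests and
 * cannot reject one that carries no token. Rejecting unauthenticated calls with 401 has to
 * be done by the server's own security layer.
 *
 * <p>NOTE(review): nothing in this class uses the inherited {@link SecurityScheme} members;
 * the superclass is kept only so existing references to this type keep compiling.
 */
public class SecurityConfiguration extends SecurityScheme {

    /** Key under which the scheme is registered and by which requirements refer to it. */
    private static final String SCHEME_NAME = "petstore_auth";

    /**
     * Assembles the scheme, the global requirement and a per-operation requirement.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // HTTP "bearer" scheme carrying a JWT in the Authorization header.
        SecurityScheme securityScheme = new SecurityScheme();
        securityScheme.setType(SecurityScheme.Type.HTTP);
        securityScheme.setScheme("bearer");
        securityScheme.setBearerFormat("JWT");
        // OAuth flows and scope lists are only meaningful for the oauth2 scheme type, so an
        // HTTP bearer scheme declares neither; mixing the two yields a contradictory document.
        securityScheme.addExtension("x-foo", "value");

        OpenAPI openAPI = new OpenAPI();
        openAPI.components(new Components().addSecuritySchemes(SCHEME_NAME, securityScheme));
        // A requirement on the document root applies to every operation that does not
        // override it; this is what makes the requirement "global" in the generated docs.
        openAPI.addSecurityItem(new SecurityRequirement().addList(SCHEME_NAME));

        // Per-operation form of the same requirement (empty scope list for a bearer scheme).
        Operation operation = new Operation();
        operation.addSecurityItem(new SecurityRequirement().addList(SCHEME_NAME));
    }
}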
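在这个示例中,我们创建了一个 SecurityConfiguration 类,继承了 SecurityScheme 类,并设置了Bearer Token认证。然后我们在 SecurityConfiguration 类中使用 OpenAPI 和 Operation 类来配置全局token认证。你可以根据你的实际需求来调整这个示例代码,确保每个接口都需要token认证。需要注意:SecurityScheme 和 SecurityRequirement 只是写进 OpenAPI 文档的描述,用来让 Swagger UI 显示认证入口并在调试请求中带上 token,本身不会拦截没有 token 的请求;要让未带 token 的请求返回 401,必须在服务端做校验(见下面第 3 步的 Spring Security 配置)。
在Swagger中添加全局Token认证可以通过以下步骤实现: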
1. 在Swagger配置类中添加SecurityScheme对象:
java
/**
 * Springfox (Swagger 2) documentation setup that advertises an API-key security scheme.
 *
 * <p>NOTE(review): this class only declares the scheme in the generated documentation;
 * nothing here checks the header on incoming requests, so enforcement has to live elsewhere.
 */
@Configuration
@EnableSwagger2
public class SwaggerConfig {

    /**
     * Describes the credential: a scheme named {@code api_key} whose value travels in the
     * {@code api_key} HTTP header.
     *
     * @return the API-key scheme definition
     */
    private ApiKey apiKey() {
        return new ApiKey("api_key", "api_key", "header");
    }

    /**
     * Creates the docket that documents every request handler on every path and registers
     * the API-key scheme with it.
     *
     * @return the configured Swagger 2 docket
     */
    @Bean
    public Docket api() {
        Docket docket = new Docket(DocumentationType.SWAGGER_2);
        docket.securitySchemes(Arrays.asList(apiKey()));
        return docket.select()
                .apis(RequestHandlerSelectors.any())
                .paths(PathSelectors.any())
                .build();
    }
}
上面的代码中,我们定义了一个名为“api_key”的安全方案,并将其添加到Swagger的配置中。这个方案使用一个名为“api_key”的HTTP头来传递Token。
2. 在接口方法上添加@ApiOperation注解:
java
/**
 * Handles {@code GET /user/{id}} and is listed in the Swagger documentation as
 * "get user by id".
 *
 * <p>The {@code @ApiOperation} annotation only supplies documentation text; it adds no
 * access control to this endpoint.
 *
 * <p>NOTE(review): the id comes straight from the URL path. Being authenticated does not by
 * itself show that the caller may read this particular user, so confirm that an ownership
 * or role check is applied before the record is returned.
 *
 * @param id identifier taken from the request path
 * @return the user for that identifier (lookup not shown in this snippet)
 */
@ApiOperation(value = "get user by id")
@GetMapping("/user/{id}")
public User getUserById(@PathVariable Long id) {
// your code here
}
3. 使用Spring Security配置全局Token认证:
java
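/**
 * Spring Security setup that requires authentication on every request except the Swagger UI
 * page, and answers unauthenticated requests with HTTP 401.
 *
 * <p>This is the layer that actually enforces the token; the Swagger security scheme only
 * documents it.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures stateless, token-based protection for all endpoints.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if the filter chain cannot be built
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is switched off because no session is created and the credential
        // is a token the client attaches itself, not a cookie.
        http.csrf().disable()
            .authorizeRequests()
            // NOTE(review): only the HTML page is public. Swagger UI loads further resources
            // (the API description and static assets) that stay behind authentication here;
            // confirm whether the documentation is meant to be readable without a token.
            .antMatchers("/swagger-ui.html").permitAll()
            .anyRequest().authenticated()
            .and()
            // With no entry point configured and no form or basic login, Spring Security
            // answers anonymous requests with 403. The requirement is 401, so it is set
            // explicitly.
            .exceptionHandling()
            .authenticationEntryPoint((request, response, authException) -> response.sendError(401))
            .and()
            // TokenAuthenticationFilter is a custom filter that is not part of this snippet.
            // It must validate the token and populate the SecurityContext only on success.
            .addFilterBefore(new TokenAuthenticationFilter(), BasicAuthenticationFilter.class)
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    /**
     * Exposes a BCrypt password encoder bean.
     *
     * @return a BCrypt-based encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        // Not referenced by the token check above; presumably used where credentials are
        // exchanged for a token — verify against the rest of the application.
        return new BCryptPasswordEncoder();
    }
}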
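上面的代码中,我们使用Spring Security配置了全局Token认证。在这个例子中,只有携带正确Token的请求才能通过认证,并且除了Swagger UI页面(/swagger-ui.html)外,其他所有请求都需要认证。注意 TokenAuthenticationFilter 是需要自己实现的过滤器,上面没有给出它的代码;Token 的校验逻辑就在这个过滤器里,它必须在校验通过之后才把认证信息放入 SecurityContext。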
希望这些解释对你有所帮助!