Swagger + spring boot + jwt + 如何禁用特定 API 的授权按钮
Posted
技术标签:
【中文标题】Swagger + spring boot + jwt + 如何禁用特定 API 的授权按钮【英文标题】:Swagger + spring boot + jwt + How to disable Authorize button for specific API 【发布时间】:2021-05-16 07:50:20 【问题描述】:我已经在我的 Spring Boot 应用程序中配置了 JWT Bearer 令牌认证。我有“Authenticate”和“Hello”控制器,其中“Hello”控制器将承载令牌作为授权标头。 “Authenticate” api 生成不记名令牌。邮递员一切正常。但是从大摇大摆的角度来看,我无法为“Authenticate” api 禁用“Authorize”按钮。 swagger screen clip
我的代码如下所示: SwaggerConfig 文件:
@Bean
public Docket swaggerSpringfoxDocket()
Contact contact = new Contact(
"shivaraj",
"https://shivaraj.co",
"bmxxxxx@xxxx.com");
List<VendorExtension> vext = new ArrayList<>();
ApiInfo apiInfo = new ApiInfo(
"Backend API",
"description",
"1.0.0",
"https://shivaraj.co",
contact,
"MIT",
"https://shivaraj.co",
vext);
Docket docket = new Docket(DocumentationType.SWAGGER_2)
.apiInfo(apiInfo)
.pathMapping("/")
.apiInfo(ApiInfo.DEFAULT)
.forCodeGeneration(true)
.genericModelSubstitutes(ResponseEntity.class)
.ignoredParameterTypes(SpringDataWebProperties.Pageable.class)
.ignoredParameterTypes(java.sql.Date.class)
.directModelSubstitute(java.time.LocalDate.class, java.sql.Date.class)
.directModelSubstitute(java.time.ZonedDateTime.class, Date.class)
.directModelSubstitute(java.time.LocalDateTime.class, Date.class)
.securityContexts(Lists.newArrayList(securityContext()))
.securitySchemes(Lists.newArrayList(apiKey()))
.useDefaultResponseMessages(false);
docket = docket.select()
.paths(regex(DEFAULT_INCLUDE_PATTERN))
.build();
return docket;
private ApiKey apiKey()
return new ApiKey("JWT", AUTHORIZATION_HEADER, "header");
private SecurityContext securityContext()
return SecurityContext.builder()
.securityReferences(defaultAuth())
.forPaths(PathSelectors.regex(DEFAULT_INCLUDE_PATTERN))
.build();
List<SecurityReference> defaultAuth()
AuthorizationScope authorizationScope
= new AuthorizationScope("global", "accessEverything");
AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
authorizationScopes[0] = authorizationScope;
return Lists.newArrayList(
new SecurityReference("JWT", authorizationScopes));
作为替代方法,有没有一种方法可以为每个单独的控制器在 swagger 中启用授权按钮?
【问题讨论】:
我自己解决了。仅针对其他人:将“security = @SecurityRequirement(name = "bearerAuth")”添加到@Operation 标签允许启用/禁用令牌身份验证。 【参考方案1】:将security = @SecurityRequirement(name = "bearerAuth")
添加到@Operation
标签允许启用/禁用令牌身份验证。
【讨论】:
以上是关于Swagger + spring boot + jwt + 如何禁用特定 API 的授权按钮的主要内容,如果未能解决你的问题,请参考以下文章