swagger 2.0对oauth2 token权限问题的解决

使用

1. 引入pom:

<swagger2.version>2.8.0</swagger2.version>

  <!--swagger2 -->
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger2</artifactId>
        <version>${swagger2.version}</version>
    </dependency>
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger-ui</artifactId>
        <version>${swagger2.version}</version>
    </dependency>

2. 添加SwaggerConfig,配置见下文

3. controller上添加上注解:

@PostMapping(value = "/save")
@RequiresPermissions("medic:add")
@AddSysLog(descrption = "保存药品信息")
@LoginedUser
@ApiOperation(value = "保存药品信息",notes = "新增药品相关接口")
    public R save(@CurrentUser@ApiIgnore SysUser sysUser, @RequestBody @Valid Medicine medicine) {

4. 访问http://localhost:8080/api/swagger-ui.html

这种情况下会有权限问题,因为接口需要登录才能访问的,登录时需要传一个token(针对oauth2协议的,以token鉴权的系统哦)。

权限问题(注意,这种是针对oatuth2协议token鉴权的场景或其他以token鉴权的场景)

对oauth2不清楚的请自行翻阅之前的公众号中对oauth2的讲解。swagger正常使用时,我们的接口需要登陆才能访问的。即登陆时,要传一个登陆后的token才能访问的。那这个怎么设置,才可以让所有接口都允许登陆后访问呢。解决办法如下:

@Configuration
@EnableWebMvc
@EnableSwagger2
public class SwaggerConfig   {

    @Bean
    public Docket platformApi() {

        return new Docket(DocumentationType.SWAGGER_2).apiInfo(apiInfo()).forCodeGeneration(true)
                .select().apis(RequestHandlerSelectors.withMethodAnnotation(ApiOperation.class))
                .apis(RequestHandlerSelectors.any())
                .paths(regex("^.*(?<!error)$"))
                .build()
                .securitySchemes(securitySchemes())
                .securityContexts(securityContexts());


    }
    private List<ApiKey> securitySchemes() {
        List<ApiKey> apiKeyList= new ArrayList();
        //注意,这里应对应登录token鉴权对应的k-v
        apiKeyList.add(new ApiKey("x-auth-token", "x-auth-token", "header"));
        return apiKeyList;
    }

    private List<SecurityContext> securityContexts() {
        List<SecurityContext> securityContexts=new ArrayList<>();
        securityContexts.add(
                SecurityContext.builder()
                        .securityReferences(defaultAuth())
                        .forPaths(PathSelectors.regex("^(?!auth).*$"))
                        .build());
        return securityContexts;
    }

    List<SecurityReference> defaultAuth() {
        AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
        authorizationScopes[0] = authorizationScope;
        List<SecurityReference> securityReferences=new ArrayList<>();
        securityReferences.add(new SecurityReference("Authorization", authorizationScopes));
        return securityReferences;
    }

    private ApiInfo apiInfo() {
        return new ApiInfoBuilder().title("666-API").description("©2018 Copyright. Powered By 666.")
                .contact(new Contact("Starmark", "", "1178048210@qq.com")).license("Apache License Version 2.0")
                .licenseUrl("https://github.com/springfox/springfox/blob/master/LICENSE").version("2.0").build();
    }

}

关键是在securitySchemes()方法配置里增加需要token的配置。配置完成后,swagger-ui.html里右上角会有一个Authorize的按钮,录入该token即能成功调用相关接口,见下图:

原文发布于微信公众号 - 开发架构二三事(gh_d6f166e26398)

原文发表时间:2019-08-23

本文参与腾讯云自媒体分享计划,欢迎正在阅读的你也加入,一起分享。

发表于

我来说两句

0 条评论
登录 后参与评论

扫码关注云+社区

领取腾讯云代金券