Java爬坑 -- SpringBoot + Swagger2 整合遇到的權限問題

問題一 : 項目除了登錄之外,其他接口都需要認證權限

通過度娘和谷歌發現有兩種方式可以解決:

1. 通過給每一個接口配置一個全局的認證參數:

package com.dongsport.configuration;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.context.request.async.DeferredResult;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.ParameterBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.schema.ModelRef;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.service.Contact;
import springfox.documentation.service.Parameter;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

import java.util.ArrayList;
import java.util.List;

/**
 * @ClassName SwaggerConfigurer
 * @Description Swagger2 配置文件
 * @Author Q_先生
 * @Date 2018/4/27 15:01
 **/
@Configuration
@EnableSwagger2
public class SwaggerConfiguration {
    @Bean
    public Docket createRestApi() {

        //添加head參數start
        ParameterBuilder tokenPar = new ParameterBuilder();
        List<Parameter> pars = new ArrayList<>();
        tokenPar.name("Authorization")
                .description("令牌(登錄后獲取令牌)")
                .modelRef(new ModelRef("string"))
                .parameterType("header")
                .required(false)
                .build();
        pars.add(tokenPar.build());
        //添加head參數end

        return new Docket(DocumentationType.SWAGGER_2)
                .genericModelSubstitutes(DeferredResult.class)
                .useDefaultResponseMessages(false)
                .forCodeGeneration(false)
                .pathMapping("")
                .select()
                // TODO 如果是線上環境，添加路徑過濾，設置為全部都不符合
                // .paths(PathSelectors.none())
                .build()
                .globalOperationParameters(pars)
                .apiInfo(productApiInfo());
    }

    private ApiInfo productApiInfo() {
        return new ApiInfoBuilder()
                .title("使用Swagger2構建RESTful APIs")
                .description("物華天寶 , 龍光射牛斗之墟 \r" +
                        "人傑地靈 , 徐孺下陳蕃之榻")
                .termsOfServiceUrl("www.baidu.com")
                .contact(new Contact("Q_先生", "www.baidu.com", "郵箱"))
                .version("1.0")
                .build();
    }
}

2.使用SecurityScheme和SecurityContext支持配置Swagger以訪問我們的安全API  ：

package com.dongsport.configuration;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.*;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

import java.util.List;

import static com.google.common.collect.Lists.newArrayList;

/**
 * @ClassName SwaggerConfigurer
 * @Description Swagger2 配置文件
 * @Author Q_先生
 * @Date 2018/4/27 15:01
 **/
@Configuration
@EnableSwagger2
public class SwaggerConfiguration {

    @Bean
    public Docket createRestApi() {

        return new Docket(DocumentationType.SWAGGER_2).
                useDefaultResponseMessages(false)
                .select()
                .apis(RequestHandlerSelectors.any())
                .paths(PathSelectors.regex("^(?!auth).*$"))
                .build()
                .apiInfo(productApiInfo())
                .securitySchemes(securitySchemes())
                .securityContexts(securityContexts())
                ;

    }

    private List<ApiKey> securitySchemes() {
        return newArrayList(
                new ApiKey("Authorization", "Authorization", "header"));
    }

    private List<SecurityContext> securityContexts() {
        return newArrayList(
                SecurityContext.builder()
                        .securityReferences(defaultAuth())
                        .forPaths(PathSelectors.regex("^(?!auth).*$"))
                        .build()
        );
    }

    List<SecurityReference> defaultAuth() {
        AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
        authorizationScopes[0] = authorizationScope;
        return newArrayList(
                new SecurityReference("Authorization", authorizationScopes));
    }

    private ApiInfo productApiInfo() {
        return new ApiInfoBuilder()
                .title("使用Swagger2構建RESTful APIs")
                .description("物華天寶 , 龍光射牛斗之墟 \r" +
                        "人傑地靈 , 徐孺下陳蕃之榻")
                .termsOfServiceUrl("www.baidu.com")
                .contact(new Contact("Q_先生", "www.baidu.com", "郵箱"))
                .version("1.0")
                .build();
    }
}

會出現一個Authorization的圖標

點擊Authorization 后出現一個彈框 , 你登錄之后回去到你的票據填到這里,, 帶權限的接口就可以訪問了

問題二 : 如何給http://localhost:8081/swagger-ui.html接口地址ui也加上權限,如果別人知道你服務器地址就可以直接訪問了

等解決了在修正...................留個坑

 

 

本文參考:http://www.leftso.com/blog/393.html  

感謝大神的分享

Spring Boot Security Swagger2整合生成安全的在線REST API文檔 SpringMVC也可參考