Spring Boot&Swagger UI。设置JWT令牌
我有一个像这样的大摇大摆的配置
@EnableSwagger2
@Configuration
public class SwaggerConfig {
@Bean
public Docket api() {
List<SecurityScheme> schemeList = new ArrayList<>();
schemeList.add(new ApiKey(HttpHeaders.AUTHORIZATION, "JWT", "header"));
return new Docket(DocumentationType.SWAGGER_2)
.produces(Collections.singleton("application/json"))
.consumes(Collections.singleton("application/json"))
.ignoredParameterTypes(Authentication.class)
.securitySchemes(schemeList)
.useDefaultResponseMessages(false)
.select()
.apis(Predicates.not(RequestHandlerSelectors.basePackage("org.springframework.boot")))
.paths(PathSelectors.any())
.build();
}
}
在Swagger UI中,当我单击Authorize按钮时,我在值字段EYJHBGC..nn84QRBG中输入我的JWT令牌。现在,我希望通过Swagger UI执行的任何请求都将在头中包含JWT。然而,事实并非如此。没有任何请求包含授权标头。
我错过了什么?
共有1个答案
compile("io.springfox:springfox-swagger2:2.9.2") {
exclude module: 'mapstruct' // necessary in my case to not end up with multiple mapstruct versions
}
compile "io.springfox:springfox-bean-validators:2.9.2"
compile "io.springfox:springfox-swagger-ui:2.9.2"
@Configuration
@EnableSwagger2
@Import(springfox.bean.validators.configuration.BeanValidatorPluginsConfiguration.class)
public class SwaggerConfiguration {
public static final String AUTHORIZATION_HEADER = "Authorization";
public static final String DEFAULT_INCLUDE_PATTERN = "/api/.*";
private final Logger log = LoggerFactory.getLogger(SwaggerConfiguration.class);
@Bean
public Docket swaggerSpringfoxDocket() {
log.debug("Starting Swagger");
Contact contact = new Contact(
"Matyas Albert-Nagy",
"https://justrocket.de",
"matyas@justrocket.de");
List<VendorExtension> vext = new ArrayList<>();
ApiInfo apiInfo = new ApiInfo(
"Backend API",
"This is the best stuff since sliced bread - API",
"6.6.6",
"https://justrocket.de",
contact,
"MIT",
"https://justrocket.de",
vext);
Docket docket = new Docket(DocumentationType.SWAGGER_2)
.apiInfo(apiInfo)
.pathMapping("/")
.apiInfo(ApiInfo.DEFAULT)
.forCodeGeneration(true)
.genericModelSubstitutes(ResponseEntity.class)
.ignoredParameterTypes(Pageable.class)
.ignoredParameterTypes(java.sql.Date.class)
.directModelSubstitute(java.time.LocalDate.class, java.sql.Date.class)
.directModelSubstitute(java.time.ZonedDateTime.class, Date.class)
.directModelSubstitute(java.time.LocalDateTime.class, Date.class)
.securityContexts(Lists.newArrayList(securityContext()))
.securitySchemes(Lists.newArrayList(apiKey()))
.useDefaultResponseMessages(false);
docket = docket.select()
.paths(regex(DEFAULT_INCLUDE_PATTERN))
.build();
watch.stop();
log.debug("Started Swagger in {} ms", watch.getTotalTimeMillis());
return docket;
}
private ApiKey apiKey() {
return new ApiKey("JWT", AUTHORIZATION_HEADER, "header");
}
private SecurityContext securityContext() {
return SecurityContext.builder()
.securityReferences(defaultAuth())
.forPaths(PathSelectors.regex(DEFAULT_INCLUDE_PATTERN))
.build();
}
List<SecurityReference> defaultAuth() {
AuthorizationScope authorizationScope
= new AuthorizationScope("global", "accessEverything");
AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
authorizationScopes[0] = authorizationScope;
return Lists.newArrayList(
new SecurityReference("JWT", authorizationScopes));
}
}
-
SwaggerUI 汉化版;修改了部分样式;结合SpringFox SpringFox-Swagger-UI实现API管理
-
Angular and SpringBoot both have way too much of magic, if you are one who like to be in controll of their code, then check > out my project on pure Java 11 (With Modules), Jersey and Vue.JS for UIWeb
-
我已经做了大约一个星期了。 我有一个用例,我通过主体而不是标题接收身份验证令牌,并且由于keybeapt和Spring不会自动设置用户。(原因是,对于WebSocket,我只能通过具有初始连接的主体发送身份验证令牌) 我尝试在keycloak之前拦截调用并将令牌从正文复制到标头,但这不起作用。 所以现在我想通过keydepeat手动进行身份验证(或者只是手动设置主要用户)。我可以访问JWT访问令牌
-
我试图设置本地DynamoDB实例与SpringBoot。我跟着这个,但是格拉德尔。 当我尝试运行我的应用程序时,会出现以下异常: 我知道这是由于歧义导致的依赖注入失败,但我的是一个无参数构造函数。不确定歧义在哪里。 以下是我的代码: 格雷德尔锉刀 发电机配置 代理(实体) @DynamoDBTable(tableName="Agent")公共类Agent{私有字符串代理号;私有整数id;私有企业
-
有人在springboot应用程序中找到了这样的工作示例吗? /auth控制器,用户在其中提供ActiveDirectory凭据(通过基本身份验证或POST json)并在提供有效AD凭据的情况下接收JWT令牌。不应涉及LDIF文件,Springboot应用程序将根据ldaps://ActiveDirectoryhost: 636endpoint验证凭据 /myapi控制器仅在步骤1(上图)中的有
-
如何在 Hangfire 中配置持有者令牌授权/身份验证? 我有一个自定义身份验证过滤器,它读取初始请求的身份验证令牌,但它返回401的所有其他请求(Hangfire调用)。 如何将身份令牌附加到HangFire执行的每个请求的标头中? 令牌过期后如何刷新?