Swagger - Adding multiple security parameters to the same schema definition

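Goal

Add multiple security headers to every request in the API

Problem

I'm trying to add multiple headers to my Swagger YAML security definitions. I've searched the API without much luck, but I've found that when doing 'Try-This-Operation' I need to select one, rather than being able to use both at the same time. Is this correct, or am I doing something wrong?

Snippet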

securityDefinitions:
  userEmail:
    type: apiKey
    name: User Email
    in: header
  clientId:
    type: apiKey
    name: Client Id
    in: header

security: [ { userEmail: [], clientId: []  } ]

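Alternative?

If I'm trying to do the impossible... is it possible to specify these parameters as defaults for all the remaining paths in the swagger document?

I'm new to Swagger this week, and I've found everything else to be fine... but I can't find any good examples.

Any guidance would be really helpful. Many thanks.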

Your SecurityDefinitions object looks fine. Beware that

security: [ { userEmail: [], clientId: []  } ]

means the API client must use both userEmail authentication and clientId authentication! What you probably meant is:

security: [ { userEmail: [] }, { clientId: []  } ]

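This means the API client must use either userEmail authentication or clientId authentication.

To avoid repeating this definition over and over, you can use the global security property, which applies to all paths that don't have their own security object: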

security: [ { userEmail: [] }, { clientId: []  } ]
paths:
  "/foo":
    get:
    post:

Or use references to specify one or more common values:

paths:
  "/foo":
    get:
      security:
        "$ref": "#/definitions/lowSecurity"
    post:
      security:
        "$ref": "#/definitions/highSecurity"
definitions:
  lowSecurity:  [ { foo: [] }, { bar: []  } ]
  highSecurity: [ { foo: [] } ]

Reference

The Swagger2 specification states under Operation Object:

security: [Security Requirement Object]

A declaration of which security schemes are applied for this operation. The list of values describes alternative security schemes that can be used (that is, there is a logical OR between the security requirements). This definition overrides any declared top-level security. To remove a top-level security declaration, an empty array can be used.

The Security Requirement Object is described as follows:

Lists the required security schemes to execute this operation. The object can have multiple security schemes declared in it which are all required (that is, there is a logical AND between the schemes).

The name used for each property MUST correspond to a security scheme declared in the Security Definitions.

OAS 3: https://swagger.io/docs/specification/authentication/

Using Multiple Authentication Types

Some REST APIs support several authentication types. The security section lets you combine the security requirements using logical OR and AND to achieve the desired result. security uses the following logic:

security:    # A OR B
  - A
  - B

security:    # A AND B
  - A
    B

security:    # (A AND B) OR (C AND D)
  - A
    B
  - C
    D
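
The OR/AND rules and the global-versus-operation override quoted above, as an added Python example that is not part of the original answers. The SPEC dictionary, its paths, the header names and the helper function names are constructed for illustration; only the scheme names userEmail and clientId come from the question.

```python
# Added example: Swagger 2.0 `security` evaluation (OR across list items,
# AND inside each item). SPEC is constructed sample data, not from the page.
SPEC = {
    "securityDefinitions": {
        "userEmail": {"type": "apiKey", "in": "header", "name": "X-User-Email"},
        "clientId": {"type": "apiKey", "in": "header", "name": "X-Client-Id"},
    },
    # Global default: one requirement object with two schemes -> both required.
    "security": [{"userEmail": [], "clientId": []}],
    "paths": {
        "/both": {"get": {}},  # no own `security`: inherits the global one
        "/either": {"get": {"security": [{"userEmail": []}, {"clientId": []}]}},
        "/public": {"get": {"security": []}},  # empty array removes the global one
    },
}


def effective_security(spec, path, method):
    """Operation-level `security` overrides the top-level declaration."""
    operation = spec["paths"][path][method]
    if "security" in operation:
        return operation["security"]
    return spec.get("security", [])


def is_authorized(requirements, presented):
    """True if the presented scheme names satisfy at least one requirement object."""
    if not requirements:  # nothing declared: the operation is unauthenticated
        return True
    return any(set(req) <= set(presented) for req in requirements)


def undeclared_schemes(spec, requirements):
    """Requirement names that are missing from securityDefinitions."""
    declared = set(spec.get("securityDefinitions", {}))
    return {name for req in requirements for name in req} - declared


def unauthenticated_operations(spec):
    """Audit helper: (path, method) pairs that end up with no security at all."""
    return sorted(
        (path, method)
        for path, item in spec["paths"].items()
        for method in item
        if not effective_security(spec, path, method)
    )
```

Running unauthenticated_operations over a real spec is a quick review check for operations that an empty security array has left open.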