How to pass JWT token using annotations from the Microprofile Openapi swagger-ui
How do I pass the JWT Bearer header token to my endpoint using annotations from the Microprofile Openapi swagger-ui?
I can pass it using curl like this:
curl -X 'GET' \
'http://localhost:8080/users/felipe/products' \
-H 'accept: application/json' \
-H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2NvbS5oZWxlc3RvIiwidXBuIjoiZmVsaXBlIiwiZ3JvdXBzIjpbIlVzZXIiLCJBZG1pbiJdLCJiaXJ0aGRhdGUiOiIxOTgzLTAzLTI1IiwiaWF0IjoxNjI1MTgyMTcxLCJleHAiOjE2MjUxODI0NzEsImp0aSI6IjI2ZmYzZjczLTE0NWUtNDM2NC04NTE2LWIwNzU0YTU2YTdmYyJ9.J9S8z0IMF5XLeRfhj7u-HURSVeGUhm59Wowd56dInbC-HkKHT9aUjKN4eOeSWAWkgehBazvjkn9PZegpud1up3WRaffrx6AxYSRUAYJ205y7yjzSgbdDo6cYB3UT7dxrdcT3pczxb8X2A6YJYeOFnPoVILKlbVAJqFXAQdupLrs9V8UZCS4VGflE1AhcxQZR1rTSe6bTGeUNz4eX7vxcyL6HP_B4MhSYOnBcWtKSf1PEvPmbTfcbxK30uqA52jtSI8jMCUHw3XFTU9q_GQ4I0LMKHADj-aORGjvIZj4dZTofso_fP-ISnSnCy0qUI-Rv0yY5lHo135IgIhcz2yem5w'
I copied an example from the AdminApi class of the quarkusio/registry.quarkus.io project and made some adjustments from SecuritySchemeType.APIKEY to SecuritySchemeType.HTTP using the docs of the swagger.io project about bearer authentication. I made the annotations below and everything worked; they are available in this gist:
    import java.util.List;
    import javax.annotation.security.RolesAllowed;
    import javax.enterprise.context.RequestScoped;
    import javax.inject.Inject;
    import javax.ws.rs.Consumes;
    import javax.ws.rs.GET;
    import javax.ws.rs.Path;
    import javax.ws.rs.PathParam;
    import javax.ws.rs.Produces;
    import javax.ws.rs.core.Context;
    import javax.ws.rs.core.SecurityContext;
    import org.eclipse.microprofile.jwt.JsonWebToken;
    import org.eclipse.microprofile.openapi.annotations.enums.SecuritySchemeIn;
    import org.eclipse.microprofile.openapi.annotations.enums.SecuritySchemeType;
    import org.eclipse.microprofile.openapi.annotations.security.SecurityRequirement;
    import org.eclipse.microprofile.openapi.annotations.security.SecurityScheme;
    import org.eclipse.microprofile.openapi.annotations.tags.Tag;

    @Path("users/{user}/products")
    @RequestScoped
    @Produces("application/json")
    @Consumes("application/json")
    @Tag(name = "Products")
    // Declares an HTTP bearer scheme in the generated OpenAPI document;
    // swagger-ui uses it to show the Authorize dialog.
    @SecurityScheme(securitySchemeName = "Authentication",
            description = "JWT token",
            type = SecuritySchemeType.HTTP,
            scheme = "bearer",
            bearerFormat = "JWT",
            in = SecuritySchemeIn.HEADER)
    public class ProductResource {

        @Inject
        JsonWebToken jwt;

        @GET
        @RolesAllowed({ "User", "Admin" })
        // Refers to the scheme above by name, so swagger-ui sends the token for this operation.
        @SecurityRequirement(name = "Authentication")
        public List<Product> getByUserName(@PathParam("user") String user, @Context SecurityContext ctx) {
            return Product.listByUserName(user);
        }
    }
When I start swagger-ui, I can supply the JWT token using the Authorize button:
Now, when I execute the endpoint, swagger-ui adds the JWT token to the header:
curl -X 'GET' \
'http://localhost:8080/users/felipe/products' \
-H 'accept: application/json' \
-H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2NvbS5oZWxlc3RvIiwidXBuIjoiZmVsaXBlIiwiZ3JvdXBzIjpbIlVzZXIiLCJBZG1pbiJdLCJiaXJ0aGRhdGUiOiIxOTgzLTAzLTI1IiwiaWF0IjoxNjI1MTgyMTcxLCJleHAiOjE2MjUxODI0NzEsImp0aSI6IjI2ZmYzZjczLTE0NWUtNDM2NC04NTE2LWIwNzU0YTU2YTdmYyJ9.J9S8z0IMF5XLeRfhj7u-HURSVeGUhm59Wowd56dInbC-HkKHT9aUjKN4eOeSWAWkgehBazvjkn9PZegpud1up3WRaffrx6AxYSRUAYJ205y7yjzSgbdDo6cYB3UT7dxrdcT3pczxb8X2A6YJYeOFnPoVILKlbVAJqFXAQdupLrs9V8UZCS4VGflE1AhcxQZR1rTSe6bTGeUNz4eX7vxcyL6HP_B4MhSYOnBcWtKSf1PEvPmbTfcbxK30uqA52jtSI8jMCUHw3XFTU9q_GQ4I0LMKHADj-aORGjvIZj4dZTofso_fP-ISnSnCy0qUI-Rv0yY5lHo135IgIhcz2yem5w'
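
An added example, not from the original post or the Quarkus project: a variant of the resource above that documents the 401/403 outcomes in the OpenAPI document and compares the `{user}` path parameter with the verified token, since `@SecurityRequirement` only documents the scheme and `@RolesAllowed` only checks roles. The class name `OwnedProductResource` and the owner-or-Admin policy are assumptions; `Product` is the page's own class.

```java
import java.util.List;
import javax.annotation.security.RolesAllowed;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.eclipse.microprofile.openapi.annotations.enums.SecuritySchemeType;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
import org.eclipse.microprofile.openapi.annotations.security.SecurityRequirement;
import org.eclipse.microprofile.openapi.annotations.security.SecurityScheme;

// Hypothetical replacement for the page's ProductResource (same path, so deploy only one).
// Product is the page's entity class; the owner-or-Admin policy is an assumption.
@Path("users/{user}/products")
@RequestScoped
@Produces("application/json")
@SecurityScheme(securitySchemeName = "Authentication", type = SecuritySchemeType.HTTP,
        scheme = "bearer", bearerFormat = "JWT")
public class OwnedProductResource {

    @Inject
    JsonWebToken jwt; // the caller's verified token, populated by MicroProfile JWT

    @GET
    @RolesAllowed({ "User", "Admin" })            // enforcement: roles come from the "groups" claim
    @SecurityRequirement(name = "Authentication") // documentation: makes swagger-ui send the bearer token
    @APIResponses({
        @APIResponse(responseCode = "200", description = "Products of the user"),
        @APIResponse(responseCode = "401", description = "Missing, expired or invalid bearer token"),
        @APIResponse(responseCode = "403", description = "Valid token, but not allowed to read this user's products")
    })
    public List<Product> getByUserName(@PathParam("user") String user, @Context SecurityContext ctx) {
        // getName() returns the "upn" claim, falling back to preferred_username, then sub.
        boolean isOwner = user.equals(jwt.getName());
        // Assumed policy: only the owner or an Admin may list a user's products.
        if (!isOwner && !ctx.isUserInRole("Admin")) {
            throw new ForbiddenException();
        }
        return Product.listByUserName(user);
    }
}
```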