springdoc / Swagger UI 没有将 OAuth2 令牌传递给 API
springdoc / Swagger UI not passing OAuth2 token to API
我正在使用 springdoc (v1.5.9) 为 API 生成 Swagger 定义。在 Swagger UI 内部进行身份验证并执行安全方法后,Spring Boot 应用程序收到的 http 请求没有身份验证 header。我已经通过 JS 调试器确认 Swagger UI 收到并存储了一个有效的身份验证令牌。
下面是 HTTP 请求,Swagger api-docs 显示了定义/应用于方法的安全方案、springdoc 配置和控制器。
我需要如何更改/添加到我的 Spring 配置以获取从 Swagger UI 传递给 API 的授权?
收到 HTTP 请求
Request received for GET '/foo/1234':
org.apache.catalina.connector.RequestFacade@71c70030
servletPath:/foo/1234
pathInfo:null
headers:
host: localhost:8070
connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
accept: application/json
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: http://localhost:8070/swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: JSESSIONID=A0F9846102153C06D77D6ED5506CC227
Security filter chain: [
WebAsyncManagerIntegrationFilter
SecurityContextPersistenceFilter
HeaderWriterFilter
CsrfFilter
LogoutFilter
BearerTokenAuthenticationFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
]
api-docs
{
"openapi": "3.0.1",
"info": {
"title": "My App",
"version": "v1"
},
"servers": [
{
"url": "http://localhost:8070",
"description": "Generated server url"
}
],
"paths": {
"/foo/{id}": {
"get": {
"tags": [
"foo"
],
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
},
"security": [
{
"custom": [
]
}
]
}
},
"securitySchemes": {
"access_token": {
"type": "oauth2",
"in": "header",
"scheme": "custom",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://login.myauthsever.com/v2/oauth/authorize",
"tokenUrl": "https://login.myauthsever.com/v2/oauth/token",
"scopes": {
}
}
}
}
}
}
}
打开API 配置
@OpenAPIDefinition(info = @Info(title = "My App", version = "v1"))
@SecurityScheme(scheme = "custom", type = SecuritySchemeType.OAUTH2, in = SecuritySchemeIn.HEADER, name = "access_token",
flows = @OAuthFlows(authorizationCode = @OAuthFlow(
authorizationUrl = "https://login.myauthsever.com/v2/oauth/authorize",
tokenUrl = "https://login.myauthsever.com/v2/oauth/token", scopes = {})))
public class OpenApiConfig {
}
控制器
@RestController
@Tag(name = "foo")
@SecurityRequirement(name = "custom")
public class SystemSigController {
@GetMapping(path = "/foo/{id}")
String getFoo(@PathVariable String id) {
...
}
}
@SecurityRequirement.name 值必须与 @SecurityScheme.name 相同。
既然你有@SecurityScheme(..., name = "access_token"...),控制器必须使用:
@SecurityRequirement(name = "access_token")
我正在使用 springdoc (v1.5.9) 为 API 生成 Swagger 定义。在 Swagger UI 内部进行身份验证并执行安全方法后,Spring Boot 应用程序收到的 http 请求没有身份验证 header。我已经通过 JS 调试器确认 Swagger UI 收到并存储了一个有效的身份验证令牌。
下面是 HTTP 请求,Swagger api-docs 显示了定义/应用于方法的安全方案、springdoc 配置和控制器。
我需要如何更改/添加到我的 Spring 配置以获取从 Swagger UI 传递给 API 的授权?
收到 HTTP 请求
Request received for GET '/foo/1234':
org.apache.catalina.connector.RequestFacade@71c70030
servletPath:/foo/1234
pathInfo:null
headers:
host: localhost:8070
connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
accept: application/json
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: http://localhost:8070/swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: JSESSIONID=A0F9846102153C06D77D6ED5506CC227
Security filter chain: [
WebAsyncManagerIntegrationFilter
SecurityContextPersistenceFilter
HeaderWriterFilter
CsrfFilter
LogoutFilter
BearerTokenAuthenticationFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
]
api-docs
{
"openapi": "3.0.1",
"info": {
"title": "My App",
"version": "v1"
},
"servers": [
{
"url": "http://localhost:8070",
"description": "Generated server url"
}
],
"paths": {
"/foo/{id}": {
"get": {
"tags": [
"foo"
],
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
},
"security": [
{
"custom": [
]
}
]
}
},
"securitySchemes": {
"access_token": {
"type": "oauth2",
"in": "header",
"scheme": "custom",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://login.myauthsever.com/v2/oauth/authorize",
"tokenUrl": "https://login.myauthsever.com/v2/oauth/token",
"scopes": {
}
}
}
}
}
}
}
打开API 配置
@OpenAPIDefinition(info = @Info(title = "My App", version = "v1"))
@SecurityScheme(scheme = "custom", type = SecuritySchemeType.OAUTH2, in = SecuritySchemeIn.HEADER, name = "access_token",
flows = @OAuthFlows(authorizationCode = @OAuthFlow(
authorizationUrl = "https://login.myauthsever.com/v2/oauth/authorize",
tokenUrl = "https://login.myauthsever.com/v2/oauth/token", scopes = {})))
public class OpenApiConfig {
}
控制器
@RestController
@Tag(name = "foo")
@SecurityRequirement(name = "custom")
public class SystemSigController {
@GetMapping(path = "/foo/{id}")
String getFoo(@PathVariable String id) {
...
}
}
@SecurityRequirement.name 值必须与 @SecurityScheme.name 相同。
既然你有@SecurityScheme(..., name = "access_token"...),控制器必须使用:
@SecurityRequirement(name = "access_token")