使用 JWT 配置 swagger

Question

使用 JWT 配置 swagger

art*_*emk 3 java jwt swagger spring-boot

我想为我的 SpringBoot 应用程序安装 SWAGER。似乎 JWT 不提供对 swagger URL 的访问权限。

我正在尝试通过 url 访问此地址 localhost:8088/swagger-ui.html

这是 SwaggerConfig 类

@EnableSwagger2
@Configuration
public class SwaggerConfig {


@Bean
public Docket productApi() {
    return new Docket(DocumentationType.SWAGGER_2)
            .select()
            .apis(RequestHandlerSelectors.basePackage("Path.to.my.controller"))

            .build();

}


}

Run Code Online (Sandbox Code Playgroud)

我也试图从链接添加 WebAppConfig与下一个内容

@Configuration
@EnableWebMvc
public class WebAppConfig extends WebMvcConfigurerAdapter {

@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry.addResourceHandler("swagger-ui.html").addResourceLocations("classpath:/META-INF/resources/");
    registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
}

}

Run Code Online (Sandbox Code Playgroud)

并尝试设置忽略网址：

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/resources/**");
}

}

Run Code Online (Sandbox Code Playgroud)

此版本的代码从 swagger url 自动重定向到“localhost:8088/login”。但下一个返回只是空页

更新

  web.ignoring().antMatchers("/", "/configuration/ui", "/swagger-resources", "/configuration/security", "/swagger-ui.html", "/webjars/**");

Run Code Online (Sandbox Code Playgroud)

间隙中的网址是我在调试问题时看到的网址。这个 url 被 swagger 调用。

更新部分结束

主班

 @SpringBootApplication
public class Application extends SpringBootServletInitializer {

    public static void main(String[] args) {
    TimeZone.setDefault(TimeZone.getTimeZone("Etc/UTC"));
    SpringApplication app = new SpringApplication(Application.class);
    app.run();
}

@Bean
@Autowired
public FilterRegistrationBean jwtFilterRegistration(JwtUtil jwtUtil, UserService userService) {
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
    filterRegistrationBean.setFilter(new JwtFilter(jwtUtil, userService));

    filterRegistrationBean.addUrlPatterns("/*");

    // ordering in the filter chain
    filterRegistrationBean.setOrder(1);
    return filterRegistrationBean;
}

// Request Interceptor for checking permission with custom annotation.
@Bean
public MappedInterceptor PermissionHandlerInterceptor() {
    return new MappedInterceptor(null, new PermissionHandlerInterceptor());
}

Run Code Online (Sandbox Code Playgroud)

}

Pom xml 包含所有需要的依赖项。当我在 Main 类 jwt 方法中发表评论时，我可以访问 swagger。所以我在 JWT 中得出了这个问题的结论。如果需要一些额外的信息，我会补充。

更新

起初 swagger-url 给白标页面一个错误“Unathorized” 在对代码进行一些操作后，它给出了空页面。

Answer 1

Irs*_*dee 5

我最近也不得不这样做。您需要告诉您的 Spring Security 允许所有 Swagger 资源。尝试这个：

 @Override
 protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            // we don't need CSRF because our token is invulnerable
            .csrf().disable()


.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()

            // don't create session

.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()          

            .authorizeRequests()

            // allow anonymous resource requests
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/v2/api-docs",           // swagger
                    "/webjars/**",            // swagger-ui webjars
                    "/swagger-resources/**",  // swagger-ui resources
                    "/configuration/**",      // swagger configuration
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js"
            ).permitAll()
            .antMatchers("/auth/**").permitAll()
            .anyRequest().authenticated();

    // Custom JWT based security filter
    httpSecurity
            .addFilterBefore(authenticationTokenFilter, 
UsernamePasswordAuthenticationFilter.class);

    // disable page caching
    httpSecurity.headers().cacheControl();
}

Run Code Online (Sandbox Code Playgroud)

这是我的 Swagger 档案配置。如果您想将令牌应用于所有端点，它还包括授权标头。

@Bean
public Docket newsApi() {
    return new Docket(DocumentationType.SWAGGER_2)
            .select()
            .apis(RequestHandlerSelectors.any())
            .paths(PathSelectors.any())
            .build()
            .securitySchemes(Lists.newArrayList(apiKey()))
            .securityContexts(Lists.newArrayList(securityContext()))
            .apiInfo(generateApiInfo());
}

@Bean
SecurityContext securityContext() {
    return SecurityContext.builder()
            .securityReferences(defaultAuth())
            .forPaths(PathSelectors.any())
            .build();
}

List<SecurityReference> defaultAuth() {
    AuthorizationScope authorizationScope
            = new AuthorizationScope("global", "accessEverything");
    AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
    authorizationScopes[0] = authorizationScope;
    return Lists.newArrayList(
            new SecurityReference("JWT", authorizationScopes));
}

private ApiKey apiKey() {
    return new ApiKey("JWT", "Authorization", "header");
}

Run Code Online (Sandbox Code Playgroud)

归档时间：	8 年前
查看次数：	4417 次
最近记录：	5 年，5 月前