Jakarta ee 在JavaEE/Jersey中为生成的招摇过市UI添加承载令牌字段
我有一个JavaEE8应用程序,在其中我使用OpenAPI注释来定义我的REST端点,并自动生成一个招摇过市UI。对于身份验证,我使用JSON Web令牌(JWT) 当我从邮递员那里发送请求时,一切都正常,但是,我不知道如何在我的招摇过市UI中添加一个承载令牌字段Jakarta ee 在JavaEE/Jersey中为生成的招摇过市UI添加承载令牌字段,jakarta-ee,jersey,jwt,swagger-ui,openapi,Jakarta Ee,Jersey,Jwt,Swagger Ui,Openapi,我有一个JavaEE8应用程序,在其中我使用OpenAPI注释来定义我的REST端点,并自动生成一个招摇过市UI。对于身份验证,我使用JSON Web令牌(JWT) 当我从邮递员那里发送请求时,一切都正常,但是,我不知道如何在我的招摇过市UI中添加一个承载令牌字段 我正在用@SecurityScheme注释定义我的安全方案: @SecurityScheme( securitySchemeName = "JWT", description = "JWT authe
我正在用
@SecurityScheme
注释定义我的安全方案:
@SecurityScheme(
securitySchemeName = "JWT",
description = "JWT authentication with bearer token",
type = SecuritySchemeType.HTTP,
scheme = "bearer",
bearerFormat = "Bearer [token]"
)
public class ApplicationConfig extends Application {
}
@OpenAPIDefinition(
info = @Info(title = "My application", version = "1.0.0"),
servers = {@Server(url = "/myapp", description = "localhost") },
security = @SecurityRequirement(name = "JWT"),
components = @Components(securitySchemes = @SecurityScheme(
securitySchemeName = "JWT",
description = "JWT authentication with bearer token",
type = SecuritySchemeType.HTTP,
scheme = "bearer",
bearerFormat = "Bearer [token]"))
)
public class ApplicationConfig extends Application {
}
我尝试将此方案作为@SecurityRequirement
添加到我的资源的@OpenAPIDefinition
注释中,并直接添加到我的方法中
@Path("/items")
@OpenAPIDefinition(
info = @Info(title = "Items resource", version = "v1"),
security = @SecurityRequirement(name = "JWT")
)
@Transactional(value = TxType.REQUIRES_NEW)
@Interceptors({RolesAllowedInterceptor.class})
@SecurityScheme(
securitySchemeName = "JWT",
description = "JWT authentication with bearer token",
type = SecuritySchemeType.HTTP,
scheme = "bearer",
bearerFormat = "Bearer [token]"
)
public class ItemsResource {
(...)
@GET
@Operation(description = "Returns the item list overview")
@APIResponse(responseCode = "200", description = "Valid response")
@APIResponse(responseCode = "401", description = "Authentication required")
@APIResponse(responseCode = "500", description = "Unexpected exception")
@Produces({MediaType.APPLICATION_JSON})
@SecurityRequirement(name ="JWT", scopes = "write: read")
@RolesAllowed({Constants.USER_ROLE_EXPERT})
public Response getItemListOverview() throws TechnicalException {
ItemListOverviewVO itemListOverviewVO = logic.getItemListOverview();
return Response.status(Status.OK).entity(itemListOverviewVO).build();
}
因此,我现在在我的OpenAPI JSON文件中有了security
信息,但在UI中仍然没有用于授权参数的字段
我还发现,在旧的Swagger API中曾经有一个
@apimplicitParameter
注释(请参阅),但它似乎已从OpenAPI中删除
因此,我尝试使用@HeaderParam
(请参阅):
现在在我的UI中有一个授权字段,但是当我测试端点时,请求没有授权头。我无法在浏览器的网络分析中看到它
到目前为止,这项研究没有什么帮助。我在这里遗漏了什么吗?关键是在
@Components()
中嵌入@SecurityScheme
注释,并将其作为参数传递给@OpenAPIDefinition
注释:
@SecurityScheme(
securitySchemeName = "JWT",
description = "JWT authentication with bearer token",
type = SecuritySchemeType.HTTP,
scheme = "bearer",
bearerFormat = "Bearer [token]"
)
public class ApplicationConfig extends Application {
}
@OpenAPIDefinition(
info = @Info(title = "My application", version = "1.0.0"),
servers = {@Server(url = "/myapp", description = "localhost") },
security = @SecurityRequirement(name = "JWT"),
components = @Components(securitySchemes = @SecurityScheme(
securitySchemeName = "JWT",
description = "JWT authentication with bearer token",
type = SecuritySchemeType.HTTP,
scheme = "bearer",
bearerFormat = "Bearer [token]"))
)
public class ApplicationConfig extends Application {
}