Jakarta ee 在JavaEE/Jersey中为生成的招摇过市UI添加承载令牌字段_Jakarta Ee_Jersey_Jwt_Swagger Ui_Openapi

Jakarta ee 在JavaEE/Jersey中为生成的招摇过市UI添加承载令牌字段

jakarta-ee jersey jwt

Jakarta ee 在JavaEE/Jersey中为生成的招摇过市UI添加承载令牌字段,jakarta-ee,jersey,jwt,swagger-ui,openapi,Jakarta Ee,Jersey,Jwt,Swagger Ui,Openapi,我有一个JavaEE8应用程序，在其中我使用OpenAPI注释来定义我的REST端点，并自动生成一个招摇过市UI。对于身份验证，我使用JSON Web令牌（JWT）当我从邮递员那里发送请求时，一切都正常，但是，我不知道如何在我的招摇过市UI中添加一个承载令牌字段我正在用@SecurityScheme注释定义我的安全方案： @SecurityScheme( securitySchemeName = "JWT", description = "JWT authe

我有一个JavaEE8应用程序，在其中我使用OpenAPI注释来定义我的REST端点，并自动生成一个招摇过市UI。对于身份验证，我使用JSON Web令牌（JWT）

当我从邮递员那里发送请求时，一切都正常，但是，我不知道如何在我的招摇过市UI中添加一个承载令牌字段

我正在用

@SecurityScheme

注释定义我的安全方案：

@SecurityScheme(
        securitySchemeName = "JWT",
        description = "JWT authentication with bearer token",
        type = SecuritySchemeType.HTTP,
        scheme = "bearer",
        bearerFormat = "Bearer [token]"
)
public class ApplicationConfig extends Application {

}

@OpenAPIDefinition(
        info = @Info(title = "My application", version = "1.0.0"),
        servers = {@Server(url = "/myapp", description = "localhost") },
        security = @SecurityRequirement(name = "JWT"),
        components = @Components(securitySchemes = @SecurityScheme(
                securitySchemeName = "JWT",
                description = "JWT authentication with bearer token",
                type = SecuritySchemeType.HTTP,
                scheme = "bearer",
                bearerFormat = "Bearer [token]"))
)
public class ApplicationConfig extends Application {

}

我尝试将此方案作为

@SecurityRequirement

添加到我的资源的

@OpenAPIDefinition

注释中，并直接添加到我的方法中

@Path("/items")
@OpenAPIDefinition(
        info = @Info(title = "Items resource", version = "v1"),
        security = @SecurityRequirement(name = "JWT")
)
@Transactional(value = TxType.REQUIRES_NEW)
@Interceptors({RolesAllowedInterceptor.class})
@SecurityScheme(
        securitySchemeName = "JWT",
        description = "JWT authentication with bearer token",
        type = SecuritySchemeType.HTTP,
        scheme = "bearer",
        bearerFormat = "Bearer [token]"
)
public class ItemsResource {

    (...)

    @GET
    @Operation(description = "Returns the item list overview")
    @APIResponse(responseCode = "200", description = "Valid response")
    @APIResponse(responseCode = "401", description = "Authentication required")
    @APIResponse(responseCode = "500", description = "Unexpected exception")
    @Produces({MediaType.APPLICATION_JSON})
    @SecurityRequirement(name ="JWT", scopes = "write: read")
    @RolesAllowed({Constants.USER_ROLE_EXPERT})
    public Response getItemListOverview() throws TechnicalException {
        ItemListOverviewVO itemListOverviewVO = logic.getItemListOverview();
        return Response.status(Status.OK).entity(itemListOverviewVO).build();
    }

因此，我现在在我的OpenAPI JSON文件中有了

security

信息，但在UI中仍然没有用于授权参数的字段

我还发现，在旧的Swagger API中曾经有一个

@apimplicitParameter

注释（请参阅），但它似乎已从OpenAPI中删除

因此，我尝试使用

@HeaderParam

（请参阅）：

现在在我的UI中有一个授权字段，但是当我测试端点时，请求没有授权头。我无法在浏览器的网络分析中看到它

到目前为止，这项研究没有什么帮助。我在这里遗漏了什么吗？

关键是在

@Components（）

中嵌入

@SecurityScheme

注释，并将其作为参数传递给

@OpenAPIDefinition

注释：

@SecurityScheme(
        securitySchemeName = "JWT",
        description = "JWT authentication with bearer token",
        type = SecuritySchemeType.HTTP,
        scheme = "bearer",
        bearerFormat = "Bearer [token]"
)
public class ApplicationConfig extends Application {

}

@OpenAPIDefinition(
        info = @Info(title = "My application", version = "1.0.0"),
        servers = {@Server(url = "/myapp", description = "localhost") },
        security = @SecurityRequirement(name = "JWT"),
        components = @Components(securitySchemes = @SecurityScheme(
                securitySchemeName = "JWT",
                description = "JWT authentication with bearer token",
                type = SecuritySchemeType.HTTP,
                scheme = "bearer",
                bearerFormat = "Bearer [token]"))
)
public class ApplicationConfig extends Application {

}