Java 在使用OpenAPI 3.0/Swagger生成的api中使用oauth2进行身份验证
我目前正在做一个项目,需要一个API,因此我选择用OpenAPI 3.0来生成它,目标语言是Java(Spring)。我的问题是:当请求者没有通过我的oauth2安全方案获得授权时,服务器并不会拒绝其HTTP请求。例如,如果用户没有从授权服务器获得令牌,我希望对 /jobs 路径的GET请求返回 401 NOT AUTHORIZED 响应代码;但实际上请求被直接放行,可以访问资源。我已经创建了一个运行在 localhost:9000 上的授权服务器。即使授权服务器没有运行,我仍然期望API在请求者未授权时返回 401 NOT AUTHORIZED 响应代码(我的理解有误吗?)。生成的API类似乎也带有包含授权范围和安全方案的正确注解(见下面的示例)。有人知道我哪里做错了吗?系统版本见下文。
标签:java, spring, openapi, swagger-codegen, openapi-generator
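# OpenAPI 3.0.3 definition for the jobs API.
#
# NOTE(review): the securitySchemes / security sections below only *describe*
# the OAuth2 requirement to clients and code generators. They do not by
# themselves make a generated server reject unauthenticated calls; that has to
# be enforced in the server's own security configuration (validating the
# bearer token and its scopes before the handler runs).
openapi: "3.0.3"
info:
  description: "API definition"
  version: "1.0.0"
  title: "Title"
servers:
  - url: http://localhost:8080
components:
  schemas:
    job:
      type: object
      properties:
        name:
          type: string
        id:
          type: integer
          # The OpenAPI 64-bit integer format is "int64"; "i64" is not a defined format.
          format: int64
          default: 0
  securitySchemes:
    OAuth2:
      type: oauth2
      flows:
        authorizationCode:
          # Plain http is only acceptable for a local development authorization
          # server; authorization codes and tokens need https anywhere else.
          authorizationUrl: http://localhost:9000/oauth2/authorize
          tokenUrl: http://localhost:9000/oauth2/token
          scopes:
            read: Grants read access
            write: Grants write access
            admin: Grants access to admin operations
# Root-level requirement: applies to every operation that does not override it.
# NOTE(review): all scopes listed in one requirement must be present, so as
# written GET /jobs needs both read and write; an operation-level `security`
# block could narrow GET to read only.
security:
  - OAuth2:
      - read
      - write
paths:
  /jobs:
    get:
      description: Returns a job file
      operationId: jobsGet
      "parameters": [
        {
          "in": "query",
          "name": "name",
          "description": "Job object that needs to be added to the store",
          "required": true,
          "schema": {
            "$ref": '#/components/schemas/job'
          }
        }
      ]
      responses:
        '200':
          description: OK - Job recieved
          content:
            application/json:
              schema:
                type: string
                format: binary
    post:
      operationId: jobsPost
      requestBody:
        content:
          multipart/form-data:
            schema:
              type: object
              properties:
                name:
                  type: string
                file:
                  type: string
                  format: binary
      responses:
        '200':
          description: OK - Job Posted
          content:
            application/json:
              schema:
                type: integer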
Macos Catalina 10.15.7
Java 1.8
OpenAPI 3.03
openapi-generator-cli-4.3.1
Intellij 20.2.3
我的API在以下YAML文件中定义:
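# OpenAPI 3.0.3 definition for the jobs API.
#
# NOTE(review): the securitySchemes / security sections below only *describe*
# the OAuth2 requirement to clients and code generators. They do not by
# themselves make a generated server reject unauthenticated calls; that has to
# be enforced in the server's own security configuration (validating the
# bearer token and its scopes before the handler runs).
openapi: "3.0.3"
info:
  description: "API definition"
  version: "1.0.0"
  title: "Title"
servers:
  - url: http://localhost:8080
components:
  schemas:
    job:
      type: object
      properties:
        name:
          type: string
        id:
          type: integer
          # The OpenAPI 64-bit integer format is "int64"; "i64" is not a defined format.
          format: int64
          default: 0
  securitySchemes:
    OAuth2:
      type: oauth2
      flows:
        authorizationCode:
          # Plain http is only acceptable for a local development authorization
          # server; authorization codes and tokens need https anywhere else.
          authorizationUrl: http://localhost:9000/oauth2/authorize
          tokenUrl: http://localhost:9000/oauth2/token
          scopes:
            read: Grants read access
            write: Grants write access
            admin: Grants access to admin operations
# Root-level requirement: applies to every operation that does not override it.
# NOTE(review): all scopes listed in one requirement must be present, so as
# written GET /jobs needs both read and write; an operation-level `security`
# block could narrow GET to read only.
security:
  - OAuth2:
      - read
      - write
paths:
  /jobs:
    get:
      description: Returns a job file
      operationId: jobsGet
      "parameters": [
        {
          "in": "query",
          "name": "name",
          "description": "Job object that needs to be added to the store",
          "required": true,
          "schema": {
            "$ref": '#/components/schemas/job'
          }
        }
      ]
      responses:
        '200':
          description: OK - Job recieved
          content:
            application/json:
              schema:
                type: string
                format: binary
    post:
      operationId: jobsPost
      requestBody:
        content:
          multipart/form-data:
            schema:
              type: object
              properties:
                name:
                  type: string
                file:
                  type: string
                  format: binary
      responses:
        '200':
          description: OK - Job Posted
          content:
            application/json:
              schema:
                type: integer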
下面是生成的 Jobs API 接口。它看起来正确吗?
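/**
 * Generated Spring MVC contract for the {@code /jobs} endpoints.
 *
 * <p>Security note: the {@code authorizations = {@Authorization(...)}} entries on the
 * operations below are Swagger documentation metadata. They record which OAuth2 scheme
 * and scopes the API description lists, but nothing in this interface inspects a token
 * or a scope, so these annotations alone will not produce a 401 for an unauthenticated
 * caller. Rejecting such requests has to be done by the application's security
 * configuration (token validation and scope checks applied before these handlers run),
 * which is not part of this file.
 *
 * <p>Both default methods answer {@code 501 Not Implemented} until a controller
 * overrides them.
 */
@Validated
@Api(
    value = "jobs",
    description = "the jobs API"
)
public interface JobsApi {

    /**
     * Gives implementations a hook to expose the current web request.
     *
     * @return an empty {@link Optional} unless an implementation overrides this method
     */
    default Optional<NativeWebRequest> getRequest() {
        return Optional.empty();
    }

    /**
     * Handles {@code GET /jobs}.
     *
     * <p>The listed scopes ({@code read}, {@code write}) are documentation only; see the
     * interface-level security note.
     *
     * @param name the job description taken from the request; must not be null and is
     *     bean-validated
     * @return {@code 501 Not Implemented} by default
     */
    @ApiOperation(
        value = "",
        nickname = "jobsGet",
        notes = "Returns a job file",
        response = Resource.class,
        authorizations = {@Authorization(
            value = "OAuth2",
            scopes = {@AuthorizationScope(
                scope = "read",
                description = "Grants read access"
            ), @AuthorizationScope(
                scope = "write",
                description = "Grants write access"
            )}
        )},
        tags = {}
    )
    @ApiResponses({@ApiResponse(
        code = 200,
        message = "OK - Job recieved",
        response = Resource.class
    )})
    @RequestMapping(
        value = {"/jobs"},
        produces = {"application/json"},
        method = {RequestMethod.GET}
    )
    default ResponseEntity<Resource> jobsGet(
            @NotNull @ApiParam(value = "Job object that needs to be added to the store", required = true) @Valid Job name) {
        // Diamond instead of the raw type keeps the return value type-checked.
        return new ResponseEntity<>(HttpStatus.NOT_IMPLEMENTED);
    }

    /**
     * Handles {@code POST /jobs} with a multipart form upload.
     *
     * <p>The listed scopes ({@code read}, {@code write}) are documentation only; see the
     * interface-level security note. The uploaded part is client-supplied data, so an
     * implementation should treat both its content and its reported name as untrusted.
     *
     * @param name optional {@code name} form part
     * @param file the {@code file} form part
     * @return {@code 501 Not Implemented} by default
     */
    @ApiOperation(
        value = "",
        nickname = "jobsPost",
        notes = "",
        response = Integer.class,
        authorizations = {@Authorization(
            value = "OAuth2",
            scopes = {@AuthorizationScope(
                scope = "read",
                description = "Grants read access"
            ), @AuthorizationScope(
                scope = "write",
                description = "Grants write access"
            )}
        )},
        tags = {}
    )
    @ApiResponses({@ApiResponse(
        code = 200,
        message = "OK - Job Posted",
        response = Integer.class
    )})
    @RequestMapping(
        value = {"/jobs"},
        produces = {"application/json"},
        consumes = {"multipart/form-data"},
        method = {RequestMethod.POST}
    )
    default ResponseEntity<Integer> jobsPost(
            @ApiParam("") @RequestPart(value = "name", required = false) String name,
            @ApiParam("") @Valid @RequestPart("file") MultipartFile file) {
        // Diamond instead of the raw type keeps the return value type-checked.
        return new ResponseEntity<>(HttpStatus.NOT_IMPLEMENTED);
    }
}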
@已验证
@原料药(
value=“作业”,
description=“作业API”
)
公共接口JobsApi{
默认可选getRequest(){
返回可选的.empty();
}
@蜂房手术(
value=“”,
昵称=“作业集”,
notes=“返回作业文件”,
response=Resource.class,
授权={@Authorization(
value=“OAuth2”,
scopes={@AuthorizationScope(
scope=“read”,
description=“授予读取权限”
),@AuthorizationScope(
scope=“write”,
description=“授予写访问权限”
)}
)},
标记={}
)
@ApiResponse({@ApiResponse(
代码=200,
message=“确定-已收到作业”,
response=Resource.class
)})
@请求映射(
值={“/作业”},
生成={“应用程序/json”},
方法={RequestMethod.GET}
)
默认响应属性作业集(@NotNull@ApiParam(value=“需要添加到存储的作业对象”,required=true)@有效作业名称){
返回新的响应状态(HttpStatus.NOT_IMPLEMENTED);
}
@蜂房手术(
value=“”,
昵称=“jobsPost”,
注:”,
response=Integer.class,
授权={@Authorization(
value=“OAuth2”,
scopes={@AuthorizationScope(
scope=“read”,
description=“授予读取权限”
),@AuthorizationScope(
scope=“write”,
description=“授予写访问权限”
)}
)},
标记={}
)
@ApiResponse({@ApiResponse(
代码=200,
message=“确定-作业已发布”,
response=Integer.class
)})
@请求映射(
值={“/作业”},
生成={“应用程序/json”},
使用={“多部分/表单数据”},
方法={RequestMethod.POST}
)
默认响应属性jobsPost(@ApiParam(“”@RequestPart(value=“name”,required=false)字符串名,@ApiParam(“”@Valid@RequestPart(“文件”)多部分文件){
返回新的响应状态(HttpStatus.NOT_IMPLEMENTED);
}
}