Spring boot 使用apikey的Spring Boot Swagger身份验证
我正在尝试为swagger设置一个api密钥以保护我的api 以下是我的代码:Spring boot 使用apikey的Spring Boot Swagger身份验证,spring-boot,swagger,Spring Boot,Swagger,我正在尝试为swagger设置一个api密钥以保护我的api 以下是我的代码: import com.google.common.base.Predicates; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configurati
import com.google.common.base.Predicates;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import springfox.documentation.builders.*;
import springfox.documentation.service.*;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;
import java.util.Collections;
import java.util.List;
@Configuration
@EnableSwagger2
public class SwaggerConfig {
@Value("${version.number}")
private String version;
@Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(Predicates.not(RequestHandlerSelectors.basePackage("org.springframework.boot")))
.paths(PathSelectors.any())
.build()
.apiInfo(apiInfo())
.securitySchemes(Collections.singletonList(apiKey()))
.securityContexts(Collections.singletonList(securityContext()));
}
private ApiInfo apiInfo() {
return new ApiInfoBuilder()
.title("My API")
.description("My API Documentation")
.version(version)
.build();
}
private SecurityContext securityContext() {
return SecurityContext.builder().securityReferences(defaultAuth()).forPaths(PathSelectors.regex("/.*")).build();
}
private List<SecurityReference> defaultAuth() {
final AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
final AuthorizationScope[] authorizationScopes = new AuthorizationScope[]{authorizationScope};
return Collections.singletonList(new SecurityReference("APIKey", authorizationScopes));
}
private ApiKey apiKey() {
return new ApiKey("APIKey", "APIKey", "header");
}
}
import com.google.common.base.Predicates;
导入org.springframework.beans.factory.annotation.Value;
导入org.springframework.context.annotation.Bean;
导入org.springframework.context.annotation.Configuration;
导入org.springframework.context.annotation.Profile;
导入springfox.documentation.builders.*;
导入springfox.documentation.service.*;
导入springfox.documentation.spi.DocumentationType;
导入springfox.documentation.spi.service.contexts.SecurityContext;
导入springfox.documentation.spring.web.plugins.Docket;
导入springfox.documentation.swagger 2.annotations.enableSawagger 2;
导入java.util.Collections;
导入java.util.List;
@配置
@使能招摇过市2
公共类招摇过市配置{
@值(“${version.number}”)
私有字符串版本;
@豆子
公开摘要api(){
返回新摘要(DocumentationType.SWAGGER_2)
.选择()
.api(Predicates.not(RequestHandlerSelectors.basePackage(“org.springframework.boot”))
.path(路径选择器.any())
.build()
.apinfo(apinfo())
.securitySchemes(Collections.singletonList(apiKey()))
.securityContext(Collections.singletonList(securityContext());
}
私有apinfo apinfo(){
返回新的ApiInfoBuilder()
.title(“我的API”)
.description(“我的API文档”)
.version(版本)
.build();
}
私有SecurityContext SecurityContext(){
返回SecurityContext.builder().securityReferences(defaultAuth()).forpath(PathSelectors.regex(“/.*)).build();
}
私有列表defaultAuth(){
最终授权范围授权范围=新授权范围(“全局”、“访问一切”);
最终授权范围[]授权范围=新授权范围[]{AuthorizationScope};
返回Collections.singletonList(新的SecurityReference(“APIKey”,authorizationScopes));
}
私有ApiKey ApiKey(){
返回新的ApiKey(“ApiKey”、“ApiKey”、“header”);
}
}
下图显示了用户界面。我可以用任何API键点击任何API,或者即使我没有输入任何内容,我仍然可以访问这些API。我想在代码中设置一个键,可能是在属性文件中,然后在swagger中配置它,这样每当有人试图访问API时,他们都会提供我指定的apikey
以下是我的解决方案: