添加不记名令牌字段以在 Java EE / Jersey 中生成 Swagger UI

问题描述 投票:0回答:2

我有一个 Java EE 8 应用程序,在其中使用 OpenAPI 注释来定义我的 REST 端点 并自动生成 Swagger UI。对于身份验证,我使用 JSON Web 令牌 (JWT)

当我从 Postman 发送请求时,一切正常,但是,我不知道如何将不记名令牌字段添加到我的 Swagger UI 中。


我正在使用

@SecurityScheme
注释定义我的安全方案:

@SecurityScheme(
        securitySchemeName = "JWT",
        description = "JWT authentication with bearer token",
        type = SecuritySchemeType.HTTP,
        scheme = "bearer",
        bearerFormat = "Bearer [token]"
)
public class ApplicationConfig extends Application {

}

我尝试将此方案作为

@SecurityRequirement
添加到我的资源的
@OpenAPIDefinition
注释中并直接添加到我的方法中。

@Path("/items")
@OpenAPIDefinition(
        info = @Info(title = "Items resource", version = "v1"),
        security = @SecurityRequirement(name = "JWT")
)
@Transactional(value = TxType.REQUIRES_NEW)
@Interceptors({RolesAllowedInterceptor.class})
@SecurityScheme(
        securitySchemeName = "JWT",
        description = "JWT authentication with bearer token",
        type = SecuritySchemeType.HTTP,
        scheme = "bearer",
        bearerFormat = "Bearer [token]"
)
public class ItemsResource {

    (...)

    @GET
    @Operation(description = "Returns the item list overview")
    @APIResponse(responseCode = "200", description = "Valid response")
    @APIResponse(responseCode = "401", description = "Authentication required")
    @APIResponse(responseCode = "500", description = "Unexpected exception")
    @Produces({MediaType.APPLICATION_JSON})
    @SecurityRequirement(name ="JWT", scopes = "write: read")
    @RolesAllowed({Constants.USER_ROLE_EXPERT})
    public Response getItemListOverview() throws TechnicalException {
        ItemListOverviewVO itemListOverviewVO = logic.getItemListOverview();
        return Response.status(Status.OK).entity(itemListOverviewVO).build();
    }

所以现在我的 OpenAPI JSON 文件中有

security
信息,但 UI 中仍然没有授权参数字段。


我还发现旧的 Swagger API 中曾经有一个

@ApiImplicitParameter
注释(请参阅Swagger UI 将身份验证令牌传递给标头中的 API 调用),但似乎它已从 OpenAPI 中删除。

所以我尝试使用

@HeaderParam
来代替(参见Jersey项目Swagger-UI在发送@PathParam时不发送@HeaderParam):

public Response getItemListOverview(@HeaderParam("Authorization") String bearerToken) throws TechnicalException {

现在我的 UI 中有一个 Authorization 字段,但是当我测试端点时,请求没有 Authorization 标头。我在浏览器的网络分析中看不到它。


到目前为止,OpenAPI 文档 没有多大帮助。我在这里错过了什么吗?

jakarta-ee jersey jwt swagger-ui openapi
2个回答
1
投票

关键是将

@SecurityScheme
注释嵌入到
@Components()
中,并将其作为参数传递给
@OpenAPIDefinition
注释:

@OpenAPIDefinition(
        info = @Info(title = "My application", version = "1.0.0"),
        servers = {@Server(url = "/myapp", description = "localhost") },
        security = @SecurityRequirement(name = "JWT"),
        components = @Components(securitySchemes = @SecurityScheme(
                securitySchemeName = "JWT",
                description = "JWT authentication with bearer token",
                type = SecuritySchemeType.HTTP,
                scheme = "bearer",
                bearerFormat = "Bearer [token]"))
)
public class ApplicationConfig extends Application {

}

0
投票

随着版本的发布,事情可能会发生一些变化。我将把对我有用的东西放在这里:

@OpenAPIDefinition(info = @Info(title = "Example API", version = "v1"))
@SecuritySchemes(@SecurityScheme(
    name = "JWT",
    description = "JWT authentication with bearer token",
    type = SecuritySchemeType.HTTP,
    scheme = "bearer",
    bearerFormat = "Bearer [token]"))
public interface ExampleResource {
    @DELETE
    @Path("/example")
    @Operation(summary = "Example Summary", tags = "Example Tag",security = 
    @SecurityRequirement(name = "JWT"))
    Response exampleMethod();
}
© www.soinside.com 2019 - 2024. All rights reserved.