背景:
spring cloud + spring OAuth2 + swagger 的时候,接口需要权限才能访问
目标:
登录一次后,swagger 测试时自带身份信息
参考: https://cloud.tencent.com/developer/article/1493502
代码如下:
package org.jmcloud.upms.biz.config; import io.swagger.annotations.ApiOperation; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import springfox.documentation.builders.RequestHandlerSelectors; import springfox.documentation.service.ApiKey; import springfox.documentation.service.AuthorizationScope; import springfox.documentation.service.SecurityReference; import springfox.documentation.spi.DocumentationType; import springfox.documentation.spi.service.contexts.SecurityContext; import springfox.documentation.spring.web.plugins.Docket; import java.util.ArrayList; import java.util.List; import static springfox.documentation.builders.PathSelectors.regex; /** * @Title: * @Description: * @Reference: https://cloud.tencent.com/developer/article/1493502 * @Author 胡俊敏(rober) * @DateTime 2020/12/22 16:12 */ @Configuration public class SwaggerAutoConfiguration { @Bean public Docket platformApi() { return new Docket(DocumentationType.SWAGGER_2) .forCodeGeneration(true) .select().apis(RequestHandlerSelectors.withMethodAnnotation(ApiOperation.class)) .apis(RequestHandlerSelectors.any()) .paths(regex("^.*(?<!error)$")) .build() .securitySchemes(securitySchemes()) .securityContexts(securityContexts()); } private List<ApiKey> securitySchemes() { List<ApiKey> apiKeyList= new ArrayList(); //注意,这里应对应登录token鉴权对应的k-v // apiKeyList.add(new ApiKey("x-auth-token", "x-auth-token", "header")); apiKeyList.add(new ApiKey("Authorization", "Authorization", "header")); return apiKeyList; } private List<SecurityContext> securityContexts() { List<SecurityContext> securityContexts=new ArrayList<>(); securityContexts.add( SecurityContext.builder() .securityReferences(defaultAuth()) .forPaths(regex("^(?!auth).*$")) .build()); return securityContexts; } List<SecurityReference> defaultAuth() { AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything"); AuthorizationScope[] authorizationScopes = new AuthorizationScope[1]; authorizationScopes[0] = authorizationScope; List<SecurityReference> securityReferences=new ArrayList<>(); securityReferences.add(new SecurityReference("Authorization", authorizationScopes)); return securityReferences; } }
配置后,swagger 如下图:
输入 token
已经正常访问了!