springboot2.3.x+swagger3+security权限控制

1. 注意是swagger3,请求接口的时候需要设置token验证

2. 整合swagger3 只需要引入springfox 包即可,里面包含了swaggerui的包
   
           <dependency>
               <groupId>io.springfox</groupId>
               <artifactId>springfox-boot-starter</artifactId>
               <version>3.0.0</version>
           </dependency>
   

     

3. 注解@configuration 等价于@component,会把类配置到springboot的配置里面

4. config配置

   import io.swagger.annotations.ApiOperation;
   import org.springframework.context.annotation.Bean;
   import org.springframework.context.annotation.Configuration;
   import springfox.documentation.builders.ApiInfoBuilder;
   import springfox.documentation.builders.PathSelectors;
   import springfox.documentation.builders.RequestHandlerSelectors;
   import springfox.documentation.service.*;
   import springfox.documentation.spi.DocumentationType;
   import springfox.documentation.spi.service.contexts.SecurityContext;
   import springfox.documentation.spring.web.plugins.Docket;
   import springfox.documentation.swagger2.annotations.EnableSwagger2;
   
   import java.util.ArrayList;
   import java.util.List;
   
   @Configuration
   @EnableSwagger2 //开启sweagger
   public class Swagger3Config {
   
       //配置了swagger2的bean实例
       @Bean
       public Docket createRestApi() {
           return new Docket(DocumentationType.OAS_30)
                   //.enable(false) 是否启用swagger, 可以在yml文件里面配置,实现控制多环境是否启用swagger
                   //.groupName("aa") 设置该Docket实例的名字, 可以实现多个Docket ,实现分组
                   .apiInfo(apiInfo())
                   .select()
                   //RequestHandlerSelectors.basePackage 配置要扫描接口的方式,
                   // basePackage 指定要扫描的包, .any() 扫描全部 .none()都不扫描
                   //withMethodAnnotation 扫描所有有注解(@ApiOperation)的api，用这种方式更灵活
                   .apis(RequestHandlerSelectors.withMethodAnnotation(ApiOperation.class))
                   .paths(PathSelectors.any())
                   .build()
                   .securitySchemes(securitySchemes())
                   .securityContexts(securityContexts());
       }
   
   
       private ApiInfo apiInfo() {
           return new ApiInfoBuilder()
                   .title("后台接口信息")
                   .description("请先配置token后,在调试接口")
                   .contact(new Contact("caifei","https://gitee.com","aaaa@qq.com"))
                   .version("1.0")
                   .build();
       }
   
       private List<SecurityScheme> securitySchemes() {
           List<SecurityScheme> apiKeyList = new ArrayList();
           apiKeyList.add(new ApiKey("Authorization", "user-token", "header"));
           return apiKeyList;
       }
   
       private List<SecurityContext> securityContexts() {
           List<SecurityContext> securityContexts = new ArrayList<>();
           securityContexts.add(
                   SecurityContext.builder()
                           .securityReferences(defaultAuth())
                           .forPaths(PathSelectors.regex("^(?!auth).*$"))
                           .build());
           return securityContexts;
       }
   
       List<SecurityReference> defaultAuth() {
           AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
           AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
           authorizationScopes[0] = authorizationScope;
           List<SecurityReference> securityReferences = new ArrayList<>();
           securityReferences.add(new SecurityReference("Authorization", authorizationScopes));
           return securityReferences;
       }
   }

     

5.  在security的配置类中要放行swagger的静态资源

 

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers( "/swagger-ui.html",
                "/swagger-ui/*",
                "/swagger-resources/**",
                "/v2/api-docs",
                "/v3/api-docs",
                "/webjars/**");
    }

  

最后请求地址 http://localhost:端口/项目名称/swagger-ui/index.html