swagger2.0 给springboot项目部分接口加authorization
在Spring Boot项目中使用Swagger 2.0给部分接口加上Authorization,可以通过自定义Swagger的SecurityRequirement来实现。以下是一个简单的示例代码:
import io.swagger.annotations.ApiOperation;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.AuthorizationScope;
import springfox.documentation.service.SecurityReference;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import java.util.Arrays;
import java.util.List;
@Configuration
public class SwaggerConfig {
@Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.withMethodAnnotation(ApiOperation.class))
.paths(PathSelectors.any())
.build()
.securitySchemes(Arrays.asList(securityScheme()))
.securityContexts(Arrays.asList(securityContext()));
}
private SecurityScheme securityScheme() {
return new ApiKey("Authorization", "Authorization", "header");
}
private SecurityContext securityContext() {
return SecurityContext.builder()
.securityReferences(defaultAuth())
.forPaths(PathSelectors.regex("/api/.*")) // 只对匹配此路径的接口应用安全要求
.build();
}
private List<SecurityReference> defaultAuth() {
AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
authorizationScopes[0] = authorizationScope;
return Arrays.asList(new SecurityReference("Authorization", authorizationScopes));
}
}
在这个配置中,我们定义了一个名为api的Docket实例,并通过.securitySchemes()添加了一个名为Authorization的SecurityScheme,类型为ApiKey,位置在HTTP头部。然后,我们通过.securityContexts()为匹配正则表达式/api/的路径配置了一个SecurityContext,其中指定了使用上述定义的SecurityScheme。
这样,只有匹配指定路径规则的接口才会要求客户端提供认证信息。你可以根据自己的需求调整正则表达式以及安全要求应用的路径。