I'm upgrading from springfox-swagger2 to springdoc-openapi-ui. I use the swagger definitions on the frontend to autogenerate types. The /oauth/token endpoint is missing in springdoc-openapi-ui. This is my config:
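/**
 * OpenAPI metadata and the OAuth2 security scheme that swagger-ui offers under "Authorize".
 *
 * <p>The scheme describes the resource-owner password flow served by the in-process
 * spring-security-oauth2 authorization server. For that flow the OpenAPI specification uses
 * only {@code tokenUrl} (plus an optional {@code refreshUrl}); {@code authorizationUrl} belongs
 * to the implicit and authorization-code flows, so it is not declared here. Refresh tokens are
 * exchanged at the same {@code /oauth/token} endpoint that issues access tokens, which is why
 * {@code refreshUrl} points there rather than at the server root.
 *
 * <p>NOTE(review): the password grant is dropped in OAuth 2.1 — confirm it is still the intended
 * flow for the frontend clients.
 */
@Configuration
@OpenAPIDefinition(info = @Info(title = "title", description = "description", version = "v1"))
@SecurityScheme(
    name = "security_auth",
    type = SecuritySchemeType.OAUTH2,
    flows = @OAuthFlows(
        password = @OAuthFlow(
            tokenUrl = "${oauth.auth.url}/oauth/token",
            refreshUrl = "${oauth.auth.url}/oauth/token",
            scopes = {@OAuthScope(name = "all", description = "all scope")})))
public class OpenApiConfig {}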
I have an auth server that's part of the same application (it shares the same pom.xml with my resource server). The auth server uses spring-security-oauth2, as follows:
/**
 * Authorization-server side of the application: issues OAuth2 tokens, persists them in the
 * shared {@code DataSource}, and checks resource-owner credentials through the application's
 * {@code UserDetailsService}.
 *
 * <p>NOTE(review): the encoder is injected as the concrete {@code BCryptPasswordEncoder}; if the
 * providing {@code @Bean} method is declared with the {@code PasswordEncoder} interface type,
 * Spring may not consider it an autowire candidate before it is instantiated — confirm the two
 * declarations agree.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private DataSource dataSource;

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    /** Token persistence backed by the application's JDBC {@code DataSource}. */
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    /**
     * Access rules for the token-key and check-token endpoints, and the encoder used to verify
     * client secrets.
     */
    @Override
    public void configure(final AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer.passwordEncoder(passwordEncoder);
        oauthServer.tokenKeyAccess("permitAll()");
        oauthServer.checkTokenAccess("isAuthenticated()");
    }

    /** Registered clients are read from the same JDBC {@code DataSource} as the tokens. */
    @Override
    public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource);
    }

    /** Wires the token store and the authentication components into the token endpoints. */
    @Override
    public void configure(final AuthorizationServerEndpointsConfigurer endpoints) {
        final TokenStore store = tokenStore();
        endpoints.tokenStore(store);
        endpoints.authenticationManager(authenticationManager);
        endpoints.userDetailsService(userDetailsService);
    }
}
My resource server looks as follows:
/**
 * Resource-server side of the application: validates bearer tokens against the shared
 * {@code TokenStore} and decides which paths require which roles.
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;

    /** Bearer tokens are looked up in the same store the authorization server writes to. */
    @Override
    public void configure(final ResourceServerSecurityConfigurer security) throws Exception {
        security.tokenStore(tokenStore);
    }

    /**
     * Path-based authorisation. Matchers are evaluated top to bottom, so the role-restricted
     * prefixes come first and the catch-all {@code anyRequest()} last.
     */
    @Override
    public void configure(final HttpSecurity http) throws Exception {
        // NOTE(review): "/priveleges/**" is spelled as in the original; confirm it matches the
        // controller mapping, otherwise the rule never fires and the path falls through to
        // anyRequest().authenticated().
        http.authorizeRequests()
                .antMatchers("/roles/**").hasRole("INTERNAL")
                .antMatchers("/priveleges/**").hasRole("INTERNAL")
                .antMatchers("/gameSync/**").hasAnyRole("ADMIN", "INTERNAL")
                // Self-registration and the CORS preflight for the token endpoint are open.
                .antMatchers(HttpMethod.POST, "/user").permitAll()
                .antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll()
                // API documentation: springdoc serves under "/v3/**" and "/swagger*/**";
                // "/v2/api-docs" and "/configuration/**" are presumably springfox leftovers.
                // NOTE(review): the docs are reachable without a token — confirm that is intended.
                .antMatchers("/v3/**", "/v2/api-docs", "/configuration/**", "/swagger*/**", "/webjars/**", "/").permitAll()
                .anyRequest().authenticated();

        // The bearer token is the only session state; never create an HTTP session.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Access-denied responses go through spring-security-oauth2's own handler.
        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
    }

    /** spring-security-oauth2's handler for access-denied responses. */
    @Bean
    public AccessDeniedHandler accessDeniedHandler() {
        return new OAuth2AccessDeniedHandler();
    }
}
The security config is therefore pretty basic, since the resource server defines most things:
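/**
 * Application-wide Spring Security setup. It supplies only the user store, the password encoder
 * and the {@code AuthenticationManager} bean; request authorisation lives in the resource-server
 * configuration.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private IUserService userService;

    /** Authenticates against the application's own user service with bcrypt-hashed passwords. */
    @Override
    public void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
    }

    /** Exposes the manager built above as a bean so the authorization server can inject it. */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * The single bcrypt encoder shared by user authentication and client-secret checks.
     *
     * <p>Declared with the concrete type because the authorization-server configuration
     * autowires a {@code BCryptPasswordEncoder}; before a bean is created Spring predicts its
     * type from the {@code @Bean} method's declared return type, so a {@code PasswordEncoder}
     * return type can leave that injection without a candidate. Callers typed as
     * {@code PasswordEncoder} still compile unchanged.
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}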
As stated in the springdoc-openapi Java library documentation, for a project that uses spring-security you should add the springdoc-openapi-security dependency.
That way, swagger-ui will also render the OAuth endpoints:
In addition, if you want to hide certain paths, you can use the springdoc.paths-to-exclude property, documented here.