Anup

Reputation: 23

Token based authentication with Springboot application and Swagger-UI where user logs in with username and password (basic authentication)

Here is the scenario,

  1. A spring-boot application has rest endpoints that can only be invoked with the access token
  2. I want to add swagger-ui that accepts the user name and password
  3. The application should get these credentials and make a rest call to get the access token required to invoke rest endpoints (as stated in point 1)

Spring-boot version: 2.3.2.RELEASE
Swagger-ui version: 2.9.2

Has anyone worked on a similar use case?

Here are some of my config classes/methods.

import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.AuthorizationScope;
import springfox.documentation.service.BasicAuth;
import springfox.documentation.service.SecurityReference;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

@Configuration
@EnableSwagger2
public class SpringFoxConfig {
    // ...

    @Bean
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.basePackage(SpringbootApplication.class.getPackage().getName()))
                .paths(PathSelectors.any())
                .build()
                .apiInfo(apiInfo())
                // .securitySchemes(Arrays.asList(new ApiKey(BEARER, AUTHORIZATION, HEADER))) << currently I have this code but what I want is to have basic auth where user can enter his credentials
                .securitySchemes(Arrays.asList(new BasicAuth("basicAuth")))
                .securityContexts(Arrays.asList(SecurityContext.builder()
                        // the reference name must match the scheme name ("basicAuth"); a reference to the old
                        // BEARER scheme no longer resolves once the ApiKey scheme above is commented out
                        .securityReferences(Arrays.asList(new SecurityReference("basicAuth", new AuthorizationScope[] {})))
                        .forPaths(PathSelectors.any())
                        .build()));
    }
    // ...
}
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    // ...

    @Override
    public void configure(HttpSecurity http) throws Exception {
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();

        // only the health/info probes and the swagger-ui page are anonymous;
        // every other request must carry valid credentials
        registry.antMatchers("/actuator/health")
                .permitAll()
                .antMatchers("/actuator/info")
                .permitAll()
                .antMatchers("/swagger-ui.html")
                .permitAll()
                .anyRequest()
                .authenticated();
    }
    // ...
}

Upvotes: 0

Views: 1006

Answers (1)

Anup

Reputation: 23

I figured out the solution with a custom solution. More details below.

  1. I had followed all the steps given at this thread - https://stackoverflow.com/a/46715492/5390096
  2. The issue was with the swagger-ui version 2.9.2, which does not pass client_id and client_password when the authentication form is submitted. I kept getting bad request, and after UI debugging and a few more Google searches, I found the issue.
  3. I created a custom controller which gets called on this form submission, and then I internally make a call to my token URI, passing the client_id and client_secret.
  4. If I bump the version to 3.0.0 then I get other conflict issues; I didn't spend time fixing that.
  5. The other option I had was to migrate to openapi swagger-ui (the new version of swagger-ui), but to save time and code refactoring, I chose to create a custom controller.

Upvotes: 1
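The pattern described in the answer (a "password" flow in swagger-ui whose token URL is a local controller, which adds the client credentials server-side and forwards to the real token endpoint), written out as an added example. This is not the answerer's code; it assumes springfox 2.9.2 and Spring Boot 2.3 APIs only, and the path `/swagger/token`, the scheme name `spring_oauth` and the `app.auth.*` property names are hypothetical. The scheme bean is wired into the question's `Docket` via `.securitySchemes(...)` and `.securityContexts(...)` exactly as the `BasicAuth` one is, with the `SecurityReference` naming `spring_oauth`.

```java
import java.util.Collections;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.HttpStatusCodeException;
import org.springframework.web.client.RestTemplate;

import springfox.documentation.builders.OAuthBuilder;
import springfox.documentation.service.AuthorizationScope;
import springfox.documentation.service.ResourceOwnerPasswordCredentialsGrant;
import springfox.documentation.service.SecurityScheme;

// Swagger-UI side: a resource-owner-password flow whose tokenUrl is OUR controller below,
// not the authorization server. swagger-ui 2.9.2 then shows a username/password form and
// POSTs grant_type=password&username=..&password=.. to that URL.
@Configuration
class SwaggerPasswordFlowConfig {
    static final String SCHEME = "spring_oauth";       // hypothetical scheme name; the SecurityReference must use it too
    static final String TOKEN_PATH = "/swagger/token"; // hypothetical path served by SwaggerTokenController

    @Bean
    public SecurityScheme swaggerOAuth() {
        AuthorizationScope scope = new AuthorizationScope("global", "access the API");
        return new OAuthBuilder()
                .name(SCHEME)
                .grantTypes(Collections.singletonList(new ResourceOwnerPasswordCredentialsGrant(TOKEN_PATH)))
                .scopes(Collections.singletonList(scope))
                .build();
    }
}

// Server side: swagger-ui 2.9.2 does not send client_id/client_secret with the form, so this
// controller adds them from server configuration (they never reach the browser) and forwards
// the request to the real token URI, which is fixed by configuration and not caller-controlled.
// WebSecurityConfig must permitAll() TOKEN_PATH, otherwise the form POST is rejected before it gets here.
@RestController
public class SwaggerTokenController {
    private final RestTemplate rest;
    private final String tokenUri;
    private final String clientId;
    private final String clientSecret;

    public SwaggerTokenController(RestTemplateBuilder builder,
                                  @Value("${app.auth.token-uri}") String tokenUri,        // hypothetical property names
                                  @Value("${app.auth.client-id}") String clientId,
                                  @Value("${app.auth.client-secret}") String clientSecret) {
        this.rest = builder.build();
        this.tokenUri = tokenUri;
        this.clientId = clientId;
        this.clientSecret = clientSecret;
    }

    @PostMapping(path = SwaggerPasswordFlowConfig.TOKEN_PATH,
                 consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE,
                 produces = MediaType.APPLICATION_JSON_VALUE)
    public ResponseEntity<String> exchange(@RequestParam("username") String username,
                                           @RequestParam("password") String password) {
        // rebuild the password-grant form ourselves instead of relaying the browser's body as-is
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "password");
        form.add("username", username);
        form.add("password", password);

        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.setBasicAuth(clientId, clientSecret);   // the client credentials the UI could not send

        try {
            ResponseEntity<String> token = rest.postForEntity(tokenUri, new HttpEntity<>(form, headers), String.class);
            // the auth server's token JSON ({"access_token": ..., "token_type": ...}) goes straight back to swagger-ui
            return ResponseEntity.status(token.getStatusCode())
                    .contentType(MediaType.APPLICATION_JSON)
                    .body(token.getBody());
        } catch (HttpStatusCodeException e) {
            // bad user password etc.: relay the auth server's 400/401 and its error body so the UI shows the real reason
            return ResponseEntity.status(e.getStatusCode())
                    .contentType(MediaType.APPLICATION_JSON)
                    .body(e.getResponseBodyAsString());
        }
    }
}
```

Two things to check when adopting this: the `antMatchers("/swagger/token").permitAll()` line has to be added next to the existing `/swagger-ui.html` rule, and the endpoint receives raw user passwords, so it should only be reachable over the same TLS listener as the rest of the application. Because the client secret is injected from configuration and the upstream URI is fixed, the browser never sees the secret and cannot point the exchange at another server.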