Reputation: 2335
Spring Boot, Swagger and Authorisation
I have a Spring Boot API that uses Springdoc (Swagger). The API has security with "apiKey" and "code" fields being passed in the header. I am having difficulty configuring Swagger correctly to enable the Authentication function in the Swagger UI. This is the configuration:
@Bean
public OpenAPI alartaCoreAdtAPI() {
return new OpenAPI()
.addSecurityItem(new SecurityRequirement().addList("BASIC"))
.components(
new Components()
.addSecuritySchemes("BASIC",
new SecurityScheme()
.type(SecurityScheme.Type.HTTP)
.scheme("basic")
.name("code")
)
)
.info(new Info().title(config.getApiTitle())
.description(config.getApiDescription())
.version(config.getApiVersion())
.license(new
License().name(config.getApiLicenseTitle()).url(config.getApiLicenseUrl())))
);
}
I know this is incorrect, but are unsure how to configure it.
Any assistance appreciated.
Attempts at solution: from @indybee recommendation:
@Bean
public OpenAPI alartaCoreAdtAPI() {
return new OpenAPI()
.addSecurityItem(new SecurityRequirement().addList("BASIC"))
.components( new Components()
.addSecuritySchemes("apiKey", securityScheme("apiKey"))
.addSecuritySchemes("code", securityScheme("code"))
)
.info(new Info().title(config.getApiTitle())
.description(config.getApiDescription())
.version(config.getApiVersion())
.license(new License().name(config.getApiLicenseTitle()).url(config.getApiLicenseUrl())))
);
}
private SecurityScheme securityScheme(String name) {
return new io.swagger.v3.oas.models.security.SecurityScheme()
.type(io.swagger.v3.oas.models.security.SecurityScheme.Type.APIKEY)
.in(io.swagger.v3.oas.models.security.SecurityScheme.In.HEADER)
.name(name);
}
This is where I get to (unfortunately, it still doesn't authorize when I test an endpoint)
Finally, this appears to work (using guidance from @indybee):
addSecurityItem()
.components( new Components()
.addSecuritySchemes("apiKey", securityScheme("apiKey"))
.addSecuritySchemes("code", securityScheme("code"))
)
.addSecurityItem(new SecurityRequirement().addList("apiKey").addList("code"))
Upvotes: 3
Views: 5137
Answers (1)
Reputation: 1736
To pass 2 custom headers of "apiKey" and "code" with every request
add this method:
private SecurityScheme securityScheme(String name) {
return new io.swagger.v3.oas.models.security.SecurityScheme()
.type(io.swagger.v3.oas.models.security.SecurityScheme.Type.APIKEY)
.in(io.swagger.v3.oas.models.security.SecurityScheme.In.HEADER)
.name(name);
}
and replace your .components() block with following
.components(new Components()
.addSecuritySchemes("apiKey", securityScheme("apiKey"))
.addSecuritySchemes("code", securityScheme("code"))
)
Upvotes: 5
Related Questions
- Add Swagger Basic AUTH to Spring Boot App
- Swagger - Authorize request to url with documentation
- Basic Authentication using Swagger UI
- How to provide authentication in Swagger API on Spring Boot application
- Spring Boot Swagger API not working
- Token based authentication with Springboot application and Swagger-UI where user logs in with username and password (basic authentication)
- Swagger,JWT and SPRING
- Spring Boot prevent the swagger documentation from being access outside by adding sort of authentication
- Authentication login with Swagger
- Document Spring OAuth 2.0 APIs using Swagger