Swagger2Feature

Swagger2Feature

关注
发信
关注(28)粉丝(399)

java - CXF Swagger2功能增加了安全性

我想使用org.apache.cxf.jaxrs.swagger.Swagger2Feature将Security Definition添加到我的rest服务中。但是,我看不到任何相关方法或有关如何执行此操作的任何资源。以下是我想使用swagger2feature生成的swagger文档。我该怎么做?

swagger: '2.0'
info:
  version: 1.0.0
  title: Based on "Basic Auth Example"
  description: >
    An example for how to use Auth with Swagger.

host: basic-auth-server.herokuapp.com
schemes:
  - http
  - https
securityDefinitions:
  Bearer:
    type: apiKey
    name: Authorization
    in: header
paths:
  /:
    get:
      security:
        - Bearer: []
      responses:
        '200':
          description: 'Will send `Authenticated`'
        '403':
          description: 'You do not have necessary permissions for the resource'

最佳答案

我遇到了同样的问题,我找不到使用CXF及其API的合适解决方案。我的解决方案如下,创建一个扩展CXF的Swagger2Feature的类,以覆盖addSwaggerResource方法,以绑定安全性定义:

/** Name of the security definition */
public static final String SECURITY_NAME = "Bearer";

/** Extends the Swagger2Feature to use the security definition of Swagger */
@Provider(value = Provider.Type.Feature, scope = Provider.Scope.Server)
public class ExtendedSwagger2Feature extends Swagger2Feature {
    @Override
    protected void addSwaggerResource(Server server, Bus bus) {
        super.addSwaggerResource(server, bus);

        BeanConfig config = (BeanConfig) ScannerFactory.getScanner();
        Swagger swagger = config.getSwagger();
        swagger.securityDefinition(SECURITY_NAME, new ApiKeyAuthDefinition("authorization", In.HEADER));
    }
}


然后,由于Swagger实例在被swagger api加载后已被修改,因此您应该在servlet上下文中“重新注册”它(正如我在浏览swagger的代码时所了解的那样)。看看io.swagger.jaxrs.config.SwaggerContextService。为此,我必须在Servlet上下文中创建一个新的ServletContextInitializer:

return servletContext -> {
    BeanConfig scanner = (BeanConfig) ScannerFactory.getScanner();
    Swagger swagger = scanner.getSwagger();
    servletContext.setAttribute("swagger", swagger);
};


将上下文中先前用安全性定义修改过的Swagger配置放在上下文中,可使swagger api正确考虑它。没有这个,我们扩展的Swagger2Feature将无法工作。

有了这一更改,我就可以得到一个swagger.yaml文件,正如您所期望的那样,尤其是以下部分:

securityDefinitions:
  Bearer:
    type: apiKey
    name: Authorization
    in: header


我在Spring Boot应用程序中使用此解决方案,这是我完整的swagger配置类,以防它对某人有所帮助:

package my.package.configuration;

import io.swagger.config.ScannerFactory;
import io.swagger.core.filter.AbstractSpecFilter;
import io.swagger.jaxrs.config.BeanConfig;
import io.swagger.model.ApiDescription;
import io.swagger.models.Operation;
import io.swagger.models.Swagger;
import io.swagger.models.auth.ApiKeyAuthDefinition;
import io.swagger.models.auth.In;
import org.apache.cxf.Bus;
import org.apache.cxf.annotations.Provider;
import org.apache.cxf.endpoint.Server;
import org.apache.cxf.jaxrs.swagger.Swagger2Feature;
import org.springframework.boot.web.servlet.ServletContextInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import java.util.List;
import java.util.Map;

/**
 * Configuration of the Swagger API to enable it with CXF.
 */
@Configuration
public class SwaggerConfiguration {

    /** Name of the security definition */
    public static final String SECURITY_NAME = "Bearer";

    @Bean
    public Swagger2Feature swagger() {
        Swagger2Feature feature = new ExtendedSwagger2Feature();
        // Do your stuff with the configuration
        return feature;
    }

    /**
     * Register a custom {@link ServletContextInitializer} in the cxf servlet to expose the custom {@link Swagger2Feature}
     * otherwise the security definition added in the {@link ExtendedSwagger2Feature#addSwaggerResource} will not be
     * used by the swagger api because the original hook occurs during the super call.
     *
     * @see io.swagger.jaxrs.config.SwaggerContextService
     * @see org.apache.cxf.jaxrs.spring.SpringComponentScanServer
     *
     * @return a new instance of the {@link ServletContextInitializer}
     */
    @Bean
    @DependsOn("jaxRsServer")
    public ServletContextInitializer initializer() {
        return servletContext -> {
            BeanConfig scanner = (BeanConfig) ScannerFactory.getScanner();
            Swagger swagger = scanner.getSwagger();
            servletContext.setAttribute("swagger", swagger);
        };
    }

    /**
     * Extension of the {@link Swagger2Feature} because the one provided by CXF doesn't allow to use
     * feature of the Swagger API such as the security definition. This feature use the {@link ApiKeyAuthDefinition}
     * to transport the authorization header required by the application.
     */
    @Provider(value = Provider.Type.Feature, scope = Provider.Scope.Server)
    public static class ExtendedSwagger2Feature extends Swagger2Feature {
        @Override
        protected void addSwaggerResource(Server server, Bus bus) {
            super.addSwaggerResource(server, bus);

            BeanConfig config = (BeanConfig) ScannerFactory.getScanner();
            Swagger swagger = config.getSwagger();
            swagger.securityDefinition(SECURITY_NAME, new ApiKeyAuthDefinition("authorization", In.HEADER));
        }
    }
}

10-07 15:12
Powered by LMLPHP ©2024 Swagger2Feature 0.037739