在Swagger中记录Spring的登录/注销API

我正在使用Spring Boot用户必须登录的地方来开发演示REST服务,以执行某些操作子集。通过简单的配置添加Swagger

UI(使用springfox库)后:

@Bean

public Docket docApi() {

return new Docket(DocumentationType.SWAGGER_2)

.select()

.apis(any())

.paths(PathSelectors.ant("/api/**"))

.build()

.pathMapping("/")

.apiInfo(apiInfo())

.directModelSubstitute(LocalDate.class, String.class)

.useDefaultResponseMessages(true)

.enableUrlTemplating(true);

}

最后,我将列出所有API,并在Swagger UI页面上列出所有操作。不幸的是,我没有列出其中的登录/注销端点。

问题在于,该操作的一部分无法通过Swagger

UI内置表单执行(我发现它确实很不错,并且希望它可以正常运行),因为用户尚未登录。对此问题有什么解决方案吗?我可以在中手动定义一些端点Swagger吗?

如果有提交凭据的表单(即登录/注销端点),则可以在使用该安全端点之前执行授权。然后,Swagger用户可以token/sessionid从响应中提取内容并将其粘贴到通过定义的自定义查询参数中@ApiImplicitParams

在下面可以找到我的安全配置:

@Override

protected void configure(HttpSecurity http) throws Exception {

http

.formLogin()

.loginProcessingUrl("/api/login")

.usernameParameter("username")

.passwordParameter("password")

.successHandler(new CustomAuthenticationSuccessHandler())

.failureHandler(new CustomAuthenticationFailureHandler())

.permitAll()

.and()

.logout()

.logoutUrl("/api/logout")

.logoutSuccessHandler(new CustomLogoutSuccessHandler())

.deleteCookies("JSESSIONID")

.permitAll()

.and()

.csrf()

.disable()

.exceptionHandling()

.authenticationEntryPoint(new CustomAuthenticationEntryPoint())

.and()

.authorizeRequests()

.and()

.headers()

.frameOptions()

.disable();

}

@Override

protected void configure(AuthenticationManagerBuilder auth) throws Exception {

auth

.userDetailsService(userDetailsService)

.passwordEncoder(passwordEncoder());

}

回答:

派对晚了一点,但是由于SpringFox依靠Spring bean来构建文档,因此我们可以轻松地对其进行操作。希望这可以帮助某人!

将其注册为Bean

@Primary

@Bean

public ApiListingScanner addExtraOperations(ApiDescriptionReader apiDescriptionReader, ApiModelReader apiModelReader, DocumentationPluginsManager pluginsManager)

{

return new FormLoginOperations(apiDescriptionReader, apiModelReader, pluginsManager);

}

该类用于手动添加任何操作:

import java.util.ArrayList;

import java.util.Arrays;

import java.util.LinkedList;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.http.HttpMethod;

import com.fasterxml.classmate.TypeResolver;

import com.google.common.collect.Multimap;

import springfox.documentation.builders.ApiListingBuilder;

import springfox.documentation.builders.OperationBuilder;

import springfox.documentation.builders.ParameterBuilder;

import springfox.documentation.schema.ModelRef;

import springfox.documentation.service.ApiDescription;

import springfox.documentation.service.ApiListing;

import springfox.documentation.service.Operation;

import springfox.documentation.spring.web.plugins.DocumentationPluginsManager;

import springfox.documentation.spring.web.readers.operation.CachingOperationNameGenerator;

import springfox.documentation.spring.web.scanners.ApiDescriptionReader;

import springfox.documentation.spring.web.scanners.ApiListingScanner;

import springfox.documentation.spring.web.scanners.ApiListingScanningContext;

import springfox.documentation.spring.web.scanners.ApiModelReader;

public class FormLoginOperations extends ApiListingScanner

{

@Autowired

private TypeResolver typeResolver;

@Autowired

public FormLoginOperations(ApiDescriptionReader apiDescriptionReader, ApiModelReader apiModelReader, DocumentationPluginsManager pluginsManager)

{

super(apiDescriptionReader, apiModelReader, pluginsManager);

}

@Override

public Multimap<String, ApiListing> scan(ApiListingScanningContext context)

{

final Multimap<String, ApiListing> def = super.scan(context);

final List<ApiDescription> apis = new LinkedList<>();

final List<Operation> operations = new ArrayList<>();

operations.add(new OperationBuilder(new CachingOperationNameGenerator())

.method(HttpMethod.POST)

.uniqueId("login")

.parameters(Arrays.asList(new ParameterBuilder()

.name("username")

.description("The username")

.parameterType("query")

.type(typeResolver.resolve(String.class))

.modelRef(new ModelRef("string"))

.build(),

new ParameterBuilder()

.name("password")

.description("The password")

.parameterType("query")

.type(typeResolver.resolve(String.class))

.modelRef(new ModelRef("string"))

.build()))

.summary("Log in") //

.notes("Here you can log in")

.build());

apis.add(new ApiDescription("/api/login/", "Authentication documentation", operations, false));

def.put("authentication", new ApiListingBuilder(context.getDocumentationContext().getApiDescriptionOrdering())

.apis(apis)

.description("Custom authentication")

.build());

return def;

}

}

渲染Swagger json:

"/api/login/" : {

"post" : {

"summary" : "Log in",

"description" : "Here you can log in",

"operationId" : "loginUsingPOST",

"parameters" : [ {

"name" : "username",

"in" : "query",

"description" : "The username",

"required" : false,

"type" : "string"

}, {

"name" : "password",

"in" : "query",

"description" : "The password",

"required" : false,

"type" : "string"

} ]

}

}

以上是 在Swagger中记录Spring的登录/注销API 的全部内容, 来源链接: utcz.com/qa/430204.html

回到顶部