swagger+spring boot+jwt+如何禁用特定api的授权按钮

iecba09b  于 2021-07-23  发布在  Java
关注(0)|答案(1)|浏览(338)

我已经在spring引导应用程序中配置了jwt承载令牌身份验证。我有“authenticate”和“hello”控制器,其中“hello”控制器接收承载令牌作为授权头。“authenticate“api生成承载令牌。 Postman 一切正常。但从招摇过市的Angular 来看,我不能禁用“authorize”按钮来验证api。招摇屏幕剪辑
我的代码如下:swaggerconfig文件:

@Bean
    public Docket swaggerSpringfoxDocket() {
        Contact contact = new Contact(
                "shivaraj",
                "https://shivaraj.co",
                "bmxxxxx@xxxx.com");

        List<VendorExtension> vext = new ArrayList<>();
        ApiInfo apiInfo = new ApiInfo(
                "Backend API",
                "description",
                "1.0.0",
                "https://shivaraj.co",
                contact,
                "MIT",
                "https://shivaraj.co",
                vext);

        Docket docket = new Docket(DocumentationType.SWAGGER_2)
                .apiInfo(apiInfo)
                .pathMapping("/")
                .apiInfo(ApiInfo.DEFAULT)
                .forCodeGeneration(true)
                .genericModelSubstitutes(ResponseEntity.class)
                .ignoredParameterTypes(SpringDataWebProperties.Pageable.class)
                .ignoredParameterTypes(java.sql.Date.class)
                .directModelSubstitute(java.time.LocalDate.class, java.sql.Date.class)
                .directModelSubstitute(java.time.ZonedDateTime.class, Date.class)
                .directModelSubstitute(java.time.LocalDateTime.class, Date.class)
                .securityContexts(Lists.newArrayList(securityContext()))
                .securitySchemes(Lists.newArrayList(apiKey()))
                .useDefaultResponseMessages(false);

        docket = docket.select()
                .paths(regex(DEFAULT_INCLUDE_PATTERN))
                .build();

        return docket;
    }

    private ApiKey apiKey() {
        return new ApiKey("JWT", AUTHORIZATION_HEADER, "header");
    }

    private SecurityContext securityContext() {
        return SecurityContext.builder()
                .securityReferences(defaultAuth())
                .forPaths(PathSelectors.regex(DEFAULT_INCLUDE_PATTERN))
                .build();
    }

    List<SecurityReference> defaultAuth() {
        AuthorizationScope authorizationScope
                = new AuthorizationScope("global", "accessEverything");
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
        authorizationScopes[0] = authorizationScope;
        return Lists.newArrayList(
                new SecurityReference("JWT", authorizationScopes));
    }

作为另一种方法,是否有一种方法可以使每个单独的控制器在招摇授权按钮?

qv7cva1a

qv7cva1a1#

添加 security = @SecurityRequirement(name = "bearerAuth")@Operation 允许标记启用/禁用令牌身份验证。

相关问题