How do you add custom authorization to swagger.json when it's created by annotations?
2,088 views
Skip to first unread message
C. Howell
Apr 25, 2017, 4:00:28 PM4/25/17
to Swagger
I'm using:
Spring boot 1.5.4
Package spring-boot-starter-jersey
Swagger UI 3.0.4
Package swagger-jersey2-jaxrs 1.5.13
We're using digest authentication, but I've temporarily added basic authentication to the app to see if we could get this to work with Swagger UI. I'd like to apply it to the entire application rather than specify it on each method.
Our JerseyConfig looks like this:
@Component
public class JerseyConfiguration extends ResourceConfig {
private static Log logger = LogFactory.getLog(JerseyConfiguration.class);
@Value("${spring.jersey.application-path:/}")
private String apiPath;
public JerseyConfiguration() {
registerEndpoints();
configureSwagger();
}
private void registerEndpoints() {
register(MyEndpoints.class);
// Generate Jersey WADL at /<Jersey's servlet path>/application.wadl
register(WadlResource.class);
// Lets us get to static content like swagger
property(ServletProperties.FILTER_STATIC_CONTENT_REGEX, "((/swagger/.*)|(.*\\.html))");
}
/**
* Configure the Swagger documentation for this API.
*
* Very useful article:
* http://tech.asimio.net/2016/04/05/Microservices-using-Spring-Boot-Jersey-Swagger-and-Docker.html
*/
private void configureSwagger() {
// Creates file at localhost:port/swagger.json
this.register(ApiListingResource.class);
this.register(SwaggerSerializers.class);
BeanConfig config = new BeanConfig();
config.setConfigId("example-jersey-app");
config.setTitle("Spring Boot + Jersey + Swagger");
config.setVersion("2");
config.setContact("Me <m...@example.com>");
config.setSchemes(new String[] {"http", "https"});
config.setResourcePackage("com.example.api");
config.setBasePath(this.apiPath);
config.setPrettyPrint(true);
config.setScan(true);
}
}Our swagger.json file is created entirely from annotations at this point. How do I incorporate authentication definitions? From what I've been reading, it sounds like I have to add code to both my app and Swagger UI to get the authorization documented and then test it with Swagger UI "Try It." I found this question and answer: https://github.com/swagger-api/swagger-core/issues/1257 "Annotation for Authentication?" but I am not explicitly defining my Servlet so I'm not sure how to incorporate the example code referenced there.
What are the next steps I need to take to get authentication working from Swagger UI?
C. Howell
Apr 26, 2017, 9:31:28 PM4/26/17
to Swagger
Since the HttpServlet class is configuring Swagger inside the init() function in the "Bootstrap.java" examples. The significant difference between the HttpServlet code and the Application() code seems to be that HttpServlet.init() has ServletConfig as a parameter, so I tried using ServletConfigAware and adding the swagger.securityDefinition() code (as in https://github.com/swagger-api/swagger-samples/blob/master/java/java-jersey-jaxrs/src/main/java/io/swagger/sample/Bootstrap.java#L31-L35) into the setServletConfig method. I tried this in both my Spring Boot Application class and the Jersey ResourceConfig class. Neither of these succeeded in making the Basic Auth definition I added show up in /swagger.json.
Any direction appreciated.
Once I get the Basic Auth information to show up in /swagger.json, will Swagger UI automatically pass Basic Auth headers to its "try it" API calls? I've been looking for information about the level of support for Basic Auth in Swagger UI and have come with a variety of stories. I'm not sure at this point whether I can edit the index.html, need to rebuild the project, or it will "just work" once I have Basic Auth showing up in /swagger.json.
C. Howell
Apr 27, 2017, 3:32:24 AM4/27/17
to Swagger
I had tried ServletConfigAware and the settings on the Swagger object in the wrong place but in this configuration they seem to work.
Reply all
Reply to author
Forward
0 new messages