如果项目中使用了Oauth2.0,那么在每次请求接口的时候都需要在header上带上Authorization参数才可以正常访问,如下所示:
项目用了Swagger在线接口文档组件,那么如何结合Oauth2.0,让调用接口的时候自动带上认证参数呢?
以下就是Oauth2.0整合Swagger的步骤:
关键代码
publicclassSwaggerConfig { privatestaticfinalStringVERSION="1.0.0"; /*** 创建API*/publicDocketcreateRestApi(){ returnnewDocket(DocumentationType.SWAGGER_2) .apiInfo(apiInfo()) .select() //指定接口包所在路径 .apis(RequestHandlerSelectors.withClassAnnotation(Api.class)) .paths(PathSelectors.any()) .build() //整合oauth2 .securitySchemes(Collections.singletonList(apiKey())) .securityContexts(Collections.singletonList(securityContext())); } /*** 添加摘要信息*/privateApiInfoapiInfo() { returnnewApiInfoBuilder() .contact(newContact("JAVA日知录","http://javadaily.cn","jianzh5@163.com")) .title("account-server接口文档") .description("account-server接口文档") .termsOfServiceUrl("http://javadaily.cn") .version(VERSION) .build(); } privateApiKeyapiKey() { returnnewApiKey("Bearer", "Authorization", "header"); } /*** swagger2 认证的安全上下文*/privateSecurityContextsecurityContext() { returnSecurityContext.builder() .securityReferences(defaultAuth()) .forPaths(PathSelectors.any()) .build(); } privateList<SecurityReference>defaultAuth() { AuthorizationScopeauthorizationScope=newAuthorizationScope("web", "access_token"); AuthorizationScope[] authorizationScopes=newAuthorizationScope[1]; authorizationScopes[0] =authorizationScope; returnCollections.singletonList(newSecurityReference("Bearer",authorizationScopes)); } }
使用步骤
- 使用postman调用认证中心接口获取access_token
http://localhost:8090/auth-service/oauth/token
{ "access_token": "36034ff7-7eea-4935-a3b7-5787d7a65827", "token_type": "bearer", "refresh_token": "4baea735-3c0d-4dfd-b826-91c6772a0962", "expires_in": 36931, "scope": "web"}
- 访问Swagger接口页面,点击Authorize接口进行认证,在弹出框中输入
Bearer 36034ff7-7eea-4935-a3b7-5787d7a65827并点击认证按钮。
- 在Swagger中正常请求接口
经过以上几步可以看到接口请求会默认带上认证参数,小伙伴们又可以愉快的玩耍了!
