
Enable Authorize button in springdoc-openapi-ui for Bearer Token Authentication (JWT)

How do I enable the "Authorize" button in springdoc-openapi-ui (OpenAPI 3.0 /swagger-ui.html) for Bearer Token Authentication, for example JWT?

What annotations have to be added to Spring @Controller and @Configuration classes?

Authorize button

Authorize form for Bearer Token Authentication

Evgeniy Khyst asked Jan 24 '20 14:01



2 Answers

I prefer to use bean initialization instead of annotation.

```java
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.info.Info;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;

@Configuration
public class OpenApi30Config {

  private final String moduleName;
  private final String apiVersion;

  public OpenApi30Config(
      @Value("${module-name}") String moduleName,
      @Value("${api-version}") String apiVersion) {
    this.moduleName = moduleName;
    this.apiVersion = apiVersion;
  }

  @Bean
  public OpenAPI customOpenAPI() {
    final String securitySchemeName = "bearerAuth";
    final String apiTitle = String.format("%s API", StringUtils.capitalize(moduleName));
    return new OpenAPI()
        // Global requirement: applies the scheme to every operation
        .addSecurityItem(new SecurityRequirement().addList(securitySchemeName))
        .components(
            new Components()
                // HTTP bearer scheme that swagger-ui shows behind the Authorize button
                .addSecuritySchemes(securitySchemeName,
                    new SecurityScheme()
                        .name(securitySchemeName)
                        .type(SecurityScheme.Type.HTTP)
                        .scheme("bearer")
                        .bearerFormat("JWT")
                )
        )
        .info(new Info().title(apiTitle).version(apiVersion));
  }
}
```

The line of code

```java
.addSecurityItem(new SecurityRequirement().addList(securitySchemeName))
```

allows you to add a global security schema and to get rid of writing security on each @Operation of a method.

JenkaBY answered Sep 21 '22 14:09


Define a global security scheme for OpenAPI 3.0 using annotation @io.swagger.v3.oas.annotations.security.SecurityScheme in a @Configuration bean:

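```java
import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.info.Info;
import io.swagger.v3.oas.annotations.security.SecurityScheme;
import org.springframework.context.annotation.Configuration;

@Configuration
@OpenAPIDefinition(info = @Info(title = "My API", version = "v1"))
@SecurityScheme(
    name = "bearerAuth",
    type = SecuritySchemeType.HTTP,
    bearerFormat = "JWT",
    scheme = "bearer"
)
public class OpenApi30Config {

}
```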

Annotate each @RestController method requiring Bearer Token Authentication (JWT) with @io.swagger.v3.oas.annotations.Operation referencing the defined security scheme:

```java
@Operation(summary = "My endpoint", security = @SecurityRequirement(name = "bearerAuth"))
```
Evgeniy Khyst answered Sep 20 '22 14:09
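The two answers differ in coverage: the bean-based answer attaches bearerAuth to every operation, while the annotation-based answer depends on each method being annotated. The following is an added example, not code from either answer or from springdoc; it walks an OpenAPI model from the same swagger-core library and lists operations that do not require the scheme. The class name `BearerAuthCoverage`, its two helper methods and the `/orders` sample are hypothetical.

```java
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.PathItem;
import io.swagger.v3.oas.models.Paths;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper, not part of springdoc or swagger-core.
public class BearerAuthCoverage {

  /** Lists "METHOD /path" for each operation that does not require the given scheme. */
  static List<String> operationsWithout(OpenAPI api, String scheme) {
    List<String> missing = new ArrayList<>();
    if (api.getPaths() == null) {
      return missing;
    }
    api.getPaths().forEach((path, item) ->
        item.readOperationsMap().forEach((method, op) -> {
          // Operation-level security, even an empty list, overrides the global list.
          List<SecurityRequirement> effective =
              op.getSecurity() != null ? op.getSecurity() : api.getSecurity();
          if (!requires(effective, scheme)) {
            missing.add(method + " " + path);
          }
        }));
    return missing;
  }

  /** Entries are alternatives (OR), so every entry must name the scheme. */
  static boolean requires(List<SecurityRequirement> reqs, String scheme) {
    return reqs != null && !reqs.isEmpty()
        && reqs.stream().allMatch(r -> r.containsKey(scheme));
  }

  public static void main(String[] args) {
    // Constructed sample: per-operation style, POST /orders left unannotated.
    Paths paths = new Paths().addPathItem("/orders", new PathItem()
        .get(new Operation().addSecurityItem(new SecurityRequirement().addList("bearerAuth")))
        .post(new Operation()));
    OpenAPI perOperation = new OpenAPI().paths(paths);
    System.out.println(operationsWithout(perOperation, "bearerAuth"));

    // Same paths with the global requirement from the bean-based answer.
    OpenAPI global = new OpenAPI().paths(paths)
        .addSecurityItem(new SecurityRequirement().addList("bearerAuth"));
    System.out.println(operationsWithout(global, "bearerAuth"));
  }
}
```

This checks only what the OpenAPI document declares. The security scheme and the Authorize button describe authentication to API consumers; enforcing it remains the job of the application's own security configuration.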