 

Spring Boot & Swagger UI. Set JWT token

I have a Swagger config like this

```java
@EnableSwagger2
@Configuration
public class SwaggerConfig {
    @Bean
    public Docket api() {
        List<SecurityScheme> schemeList = new ArrayList<>();
        schemeList.add(new ApiKey(HttpHeaders.AUTHORIZATION, "JWT", "header"));
        return new Docket(DocumentationType.SWAGGER_2)
                .produces(Collections.singleton("application/json"))
                .consumes(Collections.singleton("application/json"))
                .ignoredParameterTypes(Authentication.class)
                .securitySchemes(schemeList)
                .useDefaultResponseMessages(false)
                .select()
                .apis(Predicates.not(RequestHandlerSelectors.basePackage("org.springframework.boot")))
                .paths(PathSelectors.any())
                .build();
    }
}
```

In the Swagger UI, when I click on the Authorize button I enter my JWT token in the value field eyJhbGc..nN84qrBg. Now I expect that any request I do through the Swagger UI will contain the JWT in the header. However, that is not the case. No request contains an Authorization header.

What am I missing?

asked May 26 '18 17:05

isADon



1 Answer

Support for Authorization: Bearer [JWT_TOKEN] header is working as of version 2.9.2

Added the following dependencies to build.gradle

```groovy
compile("io.springfox:springfox-swagger2:2.9.2") {
    exclude module: 'mapstruct' // necessary in my case to not end up with multiple mapstruct versions
}
compile "io.springfox:springfox-bean-validators:2.9.2"
compile "io.springfox:springfox-swagger-ui:2.9.2"
```

Configured Swagger via

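```java
import static springfox.documentation.builders.PathSelectors.regex;

import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.data.domain.Pageable;
import org.springframework.http.ResponseEntity;
import org.springframework.util.StopWatch;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.service.ApiKey;
import springfox.documentation.service.AuthorizationScope;
import springfox.documentation.service.Contact;
import springfox.documentation.service.SecurityReference;
import springfox.documentation.service.VendorExtension;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

@Configuration
@EnableSwagger2
@Import(springfox.bean.validators.configuration.BeanValidatorPluginsConfiguration.class)
public class SwaggerConfiguration {

    public static final String AUTHORIZATION_HEADER = "Authorization";
    public static final String DEFAULT_INCLUDE_PATTERN = "/api/.*";
    private final Logger log = LoggerFactory.getLogger(SwaggerConfiguration.class);

    @Bean
    public Docket swaggerSpringfoxDocket() {
        log.debug("Starting Swagger");
        // Timer for the startup log line below (it was used but never declared)
        StopWatch watch = new StopWatch();
        watch.start();
        Contact contact = new Contact(
            "Matyas Albert-Nagy",
            "https://justrocket.de",
            "[email protected]");

        List<VendorExtension> vext = new ArrayList<>();
        ApiInfo apiInfo = new ApiInfo(
            "Backend API",
            "This is the best stuff since sliced bread - API",
            "6.6.6",
            "https://justrocket.de",
            contact,
            "MIT",
            "https://justrocket.de",
            vext);

        Docket docket = new Docket(DocumentationType.SWAGGER_2)
            .apiInfo(apiInfo)
            .pathMapping("/")
            // This second apiInfo(...) call replaces the custom apiInfo set above
            .apiInfo(ApiInfo.DEFAULT)
            .forCodeGeneration(true)
            .genericModelSubstitutes(ResponseEntity.class)
            .ignoredParameterTypes(Pageable.class)
            .ignoredParameterTypes(java.sql.Date.class)
            .directModelSubstitute(java.time.LocalDate.class, java.sql.Date.class)
            .directModelSubstitute(java.time.ZonedDateTime.class, Date.class)
            .directModelSubstitute(java.time.LocalDateTime.class, Date.class)
            // Attach the JWT scheme to every operation matched by securityContext()
            .securityContexts(Lists.newArrayList(securityContext()))
            .securitySchemes(Lists.newArrayList(apiKey()))
            .useDefaultResponseMessages(false);

        docket = docket.select()
            .paths(regex(DEFAULT_INCLUDE_PATTERN))
            .build();
        watch.stop();
        log.debug("Started Swagger in {} ms", watch.getTotalTimeMillis());
        return docket;
    }

    // ApiKey(name, keyname, passAs): scheme name "JWT", sent as the "Authorization" header
    private ApiKey apiKey() {
        return new ApiKey("JWT", AUTHORIZATION_HEADER, "header");
    }

    private SecurityContext securityContext() {
        return SecurityContext.builder()
            .securityReferences(defaultAuth())
            .forPaths(PathSelectors.regex(DEFAULT_INCLUDE_PATTERN))
            .build();
    }

    List<SecurityReference> defaultAuth() {
        AuthorizationScope authorizationScope
            = new AuthorizationScope("global", "accessEverything");
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
        authorizationScopes[0] = authorizationScope;
        // The reference name must match the scheme name passed to ApiKey above
        return Lists.newArrayList(
            new SecurityReference("JWT", authorizationScopes));
    }
}
```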

Access the ui via http://host:port/<context-root>/swagger-ui.html

Press Authorize all requests and enter Bearer [JWT_TOKEN]

Press authorize then enter the Bearer JWT Token

Voilà, your next requests will have the JWT header.

answered Sep 28 '22 20:09

Matyas
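
A way to check the configuration in the answer above from a test, as an added example that is not part of the original answer: it fetches the Swagger 2.0 document Springfox generates and asserts that the `JWT` scheme maps to the `Authorization` header and that every documented operation references it. It assumes JUnit 4 with `spring-boot-starter-test`, Springfox's default `/v2/api-docs` path reachable without a token, and the hypothetical class name `SwaggerJwtSpecTest`.

```java
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;

// Added example (hypothetical class name): audits the generated Swagger 2.0 document.
@RunWith(SpringRunner.class)
@SpringBootTest
@AutoConfigureMockMvc
public class SwaggerJwtSpecTest {
    @Autowired
    private MockMvc mockMvc;

    @Test
    public void apiOperationsReferenceTheJwtHeaderScheme() throws Exception {
        // Assumption: the spec is served at Springfox's default path without authentication.
        String json = mockMvc.perform(get("/v2/api-docs"))
            .andExpect(status().isOk())
            .andReturn().getResponse().getContentAsString();
        JsonNode spec = new ObjectMapper().readTree(json);
        // new ApiKey("JWT", "Authorization", "header"): scheme "JWT" is sent as header "Authorization".
        JsonNode scheme = spec.path("securityDefinitions").path("JWT");
        assertEquals("apiKey", scheme.path("type").asText());
        assertEquals("Authorization", scheme.path("name").asText());
        assertEquals("header", scheme.path("in").asText());
        // securityContexts(...) is what adds a "security" entry to each matching operation.
        int checked = 0;
        for (JsonNode pathItem : spec.path("paths")) {
            for (JsonNode operation : pathItem) {
                if (!operation.has("responses")) continue; // skip non-operation members
                boolean referencesJwt = false;
                for (JsonNode requirement : operation.path("security")) {
                    referencesJwt |= requirement.has("JWT");
                }
                assertTrue("no JWT requirement on " + operation.path("operationId").asText(), referencesJwt);
                checked++;
            }
        }
        assertTrue("no operations documented", checked > 0);
    }
}
```

Run against the configuration from the question, the first assertion fails: there the scheme is keyed `Authorization` with header name `JWT`, and no operation carries a `security` entry because no `securityContexts` are set.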