在公共端点上获取锁定符号以及在 swagger 中

问题描述 投票:0回答:1

当在 Spring Boot 中使用 swagger 和 JWT 作为安全性时,我也得到了开放端点的锁定符号。

在 pom.xml 文件中添加了 Swagger (OpenAPI) 的依赖项:

        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
            <version>2.1.0</version>
        </dependency>

        <!-- https://mvnrepository.com/artifact/org.hibernate/hibernate-validator -->
        <dependency>
            <groupId>org.hibernate</groupId>
            <artifactId>hibernate-validator</artifactId>
            <version>8.0.0.Final</version>
        </dependency>

Swagger配置文件:

@Configuration
public class SwaggerConfig implements WebMvcConfigurer {

    @Value("${swagger.base.url:}")
    private String swaggerBaseUrl;

    @Bean
    public OpenAPI customOpenApi(){
        Server server = new Server();
        server.setUrl(swaggerBaseUrl);
        return new OpenAPI()
                .servers(Collections.singletonList(server))
                .info(new Info().title("Paathshala-Api").version("1.0"))
                .addSecurityItem(new SecurityRequirement().addList("bearerAuth"))
                .components(new Components().addSecuritySchemes("bearerAuth", new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("bearer").bearerFormat("JWT")));
    }

安全配置文件:

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfiguration {

  @Autowired
  @Qualifier("customAuthenticationEntryPoint")
  AuthenticationEntryPoint authenticationEntryPoint;

  private final JwtAuthenticationFilter jwtAuthFilter;

  private static final String[] AUTH_WHITE_LIST = {
          "/",
          "/api/login",
          "/api/notification/get/**",
          "/swagger-ui/index.html",
          "/v3/api-docs/**",
          "/swagger-ui/**",
          "/swagger-ui.html"
  };

  private static final String[] AUTH_ADMIN = {
          "/api/register/user",
          "/api/notification/**"
  };

  private static final String[] AUTH_SUPERADMIN = {
          "/api/register/**"
  };


  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http
        .csrf()
        .disable()
        .authorizeHttpRequests()
            .requestMatchers(AUTH_WHITE_LIST).permitAll()
            .requestMatchers(AUTH_ADMIN).hasAnyAuthority(String.valueOf(RolesEnum.ADMIN),String.valueOf(RolesEnum.SUPERADMIN))
            .requestMatchers(AUTH_SUPERADMIN).hasAnyAuthority(String.valueOf(RolesEnum.SUPERADMIN))
        .anyRequest()
          .authenticated()
        .and()
          .sessionManagement()
          .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
    .exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint)
            .accessDeniedHandler(accessDeniedHandler())
            .and()
            .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
    ;
    return http.build();
  }

  @Bean
  public AccessDeniedHandler accessDeniedHandler() {
    return new CustomAccessDeniedHandler();
  }

}

具有公共端点的控制器:

@RestController
@RequestMapping("/api")
@RequiredArgsConstructor
public class LoginController extends ApiRestHandler{

    private final LoginService loginService;

    @PostMapping("/login")
    public ResponseWrapper authenticate(@RequestBody LoginRequest request) {
        return ResponseWrapper.getSuccessResponse(Map.of("details", loginService.authenticate(request)),"Token Generated");
    }

}

我为公共端点获取的锁定符号图像(尽管我可以在没有 JWT 令牌的情况下访问此端点)

我尝试添加@PreAuthorize标签和其他东西并弃用openai版本,但没有帮助。

任何建议或帮助将不胜感激

spring spring-boot spring-security swagger-ui openapi
1个回答
0
投票

在LoginController的authenticate()方法上添加

@SecurityRequirements()
注释。这应该可以解决您的问题。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.