knife4j接口文档安全性,登录认证访问或屏蔽接口文档,同样适用swagger2

小豆丁 1年前 ⋅ 274 阅读

1、在config类上添加注释

@Profile({"dev","test"})

2、安全认证配置yml

knife4j:
  basic:
    username: admin
    password: admin
    enable: true #开启认证
  production: false #默认是false ,屏蔽所有Swagger的相关资源
  enable: true #是否开启swagger

3、完整示例 (1)依赖

        <dependency>
            <groupId>io.swagger.core.v3</groupId>
            <artifactId>swagger-annotations</artifactId>
            <version>2.1.9</version>
        </dependency>
        <dependency>
            <groupId>com.github.xiaoymin</groupId>
            <artifactId>knife4j-spring-boot-starter</artifactId>
            <version>2.0.7</version>
        </dependency>

(2)配置类代码

@EnableSwagger2WebMvc
@EnableKnife4j
@Configuration
@Profile({"dev","test"})
public class Swagger2Config {

    private ApiInfo apiInfo;

    @Autowired(required = false)
    public Swagger2Config(ApiInfo apiInfo) {
        this.apiInfo = apiInfo;
    }

    public Swagger2Config() {
    }

    @Bean(value = "testApi")
    public Docket createRestApi() {
        return new Docket(DocumentationType.SWAGGER_2)
                .useDefaultResponseMessages(false)
                .apiInfo(Objects.isNull(apiInfo) ? defaultApiInfo() : apiInfo)
                .groupName("后台管理接口")
                .select()
                //.apis(RequestHandlerSelectors.basePackage("com.**.controller"))
                //.apis(RequestHandlerSelectors.withClassAnnotation(Api.class))
                //.paths(PathSelectors.any())
                .build()
                /* 设置安全模式,swagger可以设置访问token */
                .securitySchemes(securitySchemes())
                .securityContexts(securityContexts());

    }
    /**
     * 安全模式,这里指定token通过Authorization头请求头传递
     */
    private List<ApiKey> securitySchemes() {
        List<ApiKey> apiKeyList = new ArrayList<ApiKey>();
        apiKeyList.add(new ApiKey("Authorization", "Authorization", "header"));
        return apiKeyList;
    }

    /**
     * 安全上下文
     */
    private List<SecurityContext> securityContexts() {
        List<SecurityContext> securityContexts = new ArrayList<>();
        securityContexts.add(
                SecurityContext.builder()
                        .securityReferences(defaultAuth())
                        .forPaths(PathSelectors.regex("^(?!auth).*$"))
                        .build());
        return securityContexts;
    }

    /**
     * 默认的安全上引用
     */
    private List<SecurityReference> defaultAuth() {
        AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
        authorizationScopes[0] = authorizationScope;
        List<SecurityReference> securityReferences = new ArrayList<>();
        securityReferences.add(new SecurityReference("Authorization", authorizationScopes));
        return securityReferences;
    }

    private ApiInfo defaultApiInfo() {
        return new ApiInfoBuilder()
                .title("swagger-bootstrap-ui RESTful APIs")
                .description("接口文档")
                .termsOfServiceUrl("http://127.0.0.1:80/test")
                .version("1.0")
                .build();
    }

注意:本文归作者所有,未经作者允许,不得转载

#java
阅读全部

全部评论: 0

    我有话说: