Tuesday 12 April 2022

Spring: Enable the Authorize button in OpenAPI to support Bearer tokens

In this post, I explain how to enable the Authorize button in the OpenAPI documentation and apply the configured security scheme at the REST controller level.

 

Step 1: Define a global security scheme using the @SecurityScheme and @Configuration annotations.

@Configuration
@OpenAPIDefinition(info = @Info(title = "Demo Application", version = "v1"))
@SecurityScheme(name = "bearerAuth", type = SecuritySchemeType.HTTP, bearerFormat = "JWT", scheme = "bearer")
public class OpenApi3Config {

}

 

Step 2: Annotate the REST controller class with @SecurityRequirement, referring to the bearerAuth scheme defined in step 1.

@RestController
@RequestMapping(value = "/api/v1/users")
@CrossOrigin("*")
@SecurityRequirement(name = "bearerAuth")
public class UserController {

	......
	......
}

The complete working application follows.

 

Step 1: Create a new Maven project ‘openapi-enable-bearer-token-authorize-button’.

 

Step 2: Update pom.xml with the Maven dependencies.

 

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>com.sample.app</groupId>
	<artifactId>openapi-enable-bearer-token-authorize-button</artifactId>
	<version>1</version>

	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.6.4</version>
	</parent>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>


		<dependency>
			<groupId>org.springdoc</groupId>
			<artifactId>springdoc-openapi-ui</artifactId>
			<version>1.6.6</version>
		</dependency>


	</dependencies>

</project>

Step 3: Define the OpenApi3Config class.

 

OpenApi3Config.java

package com.sample.app.config;

import org.springframework.context.annotation.Configuration;

import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.info.Info;
import io.swagger.v3.oas.annotations.security.SecurityScheme;

@Configuration
@OpenAPIDefinition(info = @Info(title = "Demo Application", version = "v1"))
@SecurityScheme(name = "bearerAuth", type = SecuritySchemeType.HTTP, bearerFormat = "JWT", scheme = "bearer")
public class OpenApi3Config {

}

Step 4: Define the UserController class.

 

UserController.java

package com.sample.app.controller;

import java.util.HashMap;
import java.util.Map;

import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;

@RestController
@RequestMapping(value = "/api/v1/users")
@CrossOrigin("*")
@SecurityRequirement(name = "bearerAuth")
public class UserController {

	@GetMapping("/by-city/{city}")
	public ResponseEntity<Map<String, Object>> infoByCity(
			@Parameter(name = "city", description = "city ex: Bangalore") @PathVariable(name = "city") String city) {

		Map<String, Object> result = new HashMap<>();

		return ResponseEntity.ok(result);

	}

}

Step 5: Define the main application class.

 

App.java

package com.sample.app;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class App {
	public static void main(String[] args) {

		SpringApplication.run(App.class, args);

	}
}

The complete project structure looks like this.



Run App.java.

 

Open the URL ‘http://localhost:8080/swagger-ui/index.html’.



You will see an ‘Authorize’ button at the top right corner. Click the Authorize button.

 


Enter a bearer token, click the Authorize button, and then click the Close button.

 

Now try the API ‘/api/v1/users/by-city/{city}’. You will observe that the Bearer token is passed as a request header (check the generated curl command).
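
The @SecurityRequirement annotation only changes the generated OpenAPI document and the Swagger UI; nothing in the project above rejects a request that arrives without a token. The following is an added example, not part of the original application, showing one way to enforce the bearer token on /api/v1/** with Spring Security's resource-server support. It assumes the spring-boot-starter-oauth2-resource-server dependency is added to pom.xml; the class name SecurityConfig, its package and the JWKS URL are placeholders.

```java
package com.sample.app.config; // assumed package, next to OpenApi3Config

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;

// Added example (hypothetical class): enforces what @SecurityRequirement only documents.
@Configuration
@EnableWebSecurity
public class SecurityConfig {

	// Placeholder: replace with the JWKS endpoint of your token issuer.
	private static final String JWKS_URI = "https://idp.example.com/.well-known/jwks.json";

	@Bean
	public SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
		http
			.authorizeHttpRequests(auth -> auth
				// Swagger UI and the OpenAPI document stay readable without a token.
				.antMatchers("/swagger-ui/**", "/swagger-ui.html", "/v3/api-docs/**").permitAll()
				// Every REST endpoint under /api/v1 needs a valid bearer token.
				.antMatchers("/api/v1/**").authenticated()
				// Anything not listed above is refused.
				.anyRequest().denyAll())
			// Read "Authorization: Bearer <JWT>" and validate it with the JwtDecoder bean.
			.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
			// Tokens carry the identity; do not create HTTP sessions.
			.sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
		return http.build();
	}

	@Bean
	public JwtDecoder jwtDecoder() {
		// Verifies the token signature against the issuer's published keys.
		return NimbusJwtDecoder.withJwkSetUri(JWKS_URI).build();
	}
}
```

With this configuration in place, a call to ‘/api/v1/users/by-city/{city}’ without a valid token is answered with 401, and the token entered through the Authorize button is the one that gets validated.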

 


You can download the complete working application from this link.




 

 

 
