Friday 15 April 2022

Spring: openAPI: APIKEY security scheme example

An API key is a token that a client provides when making API calls. Some applications expect one or more API keys for authorization.

 

API keys can be sent in one of three ways:

 

API Key as a query string:

GET /endpoint?api_key=key123

 

API Key as a request header:

GET /endpoint HTTP/1.1

X-API-Key: key123

 

API Key as a cookie:

GET /something HTTP/1.1

Cookie: X-API-KEY=key123

 

 

Example

The snippet below defines a security scheme with two API keys:

a.   server.name

b.   server.key

 

@Configuration
@OpenAPIDefinition(
        info = @Info(
                title = "Demo Appication",
                version = "1.0.0",
                description = "Demo Appication",
                contact = @Contact(name = "Java tutorial team", email = "test@test.com")
        ),
        security = {
                @SecurityRequirement(name = "serverName"),
                @SecurityRequirement(name ="key")
        }
)
@SecuritySchemes(value = {
        @SecurityScheme(name = "serverName",
                type = SecuritySchemeType.APIKEY,
                in = SecuritySchemeIn.HEADER,
                paramName = "server.name",
                description = "server name to authenticate"),
        @SecurityScheme(name = "key",
                type = SecuritySchemeType.APIKEY,
                in = SecuritySchemeIn.HEADER,
                paramName = "server.key",
                description = "server key to authenticate")
})

The complete working application is given below.

 

Step 1: Create new maven project ‘openapi-apikey-example’.

 

Step 2: Update pom.xml with maven dependencies.

 

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <groupId>com.sample.app</groupId>
        <artifactId>openapi-apikey-example</artifactId>
        <version>1</version>

        <!-- The parent pins the Spring Boot version and manages the versions of the Spring
             starters below (they declare none of their own). Bumping this single version is how
             the project picks up framework fixes, so keep it current. -->
        <parent>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-parent</artifactId>
                <version>2.6.4</version>
        </parent>


        <properties>
                <java.version>1.8</java.version>
                <maven.compiler.source>${java.version}</maven.compiler.source>
                <maven.compiler.target>${java.version}</maven.compiler.target>
                <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
                <project.report.outputEncoding>UTF-8</project.report.outputEncoding>
        </properties>
        
        <dependencies>
                <!-- Spring MVC / embedded server for the REST controller. -->
                <dependency>
                        <groupId>org.springframework.boot</groupId>
                        <artifactId>spring-boot-starter-web</artifactId>
                </dependency>


                <!-- Generates the OpenAPI document from the annotations in SwaggerConfig and
                     UserController and serves Swagger UI. It describes the API-key security
                     schemes in that document; validating the headers on real requests needs
                     separate request-handling code, none of which is part of this example. -->
                <dependency>
                        <groupId>org.springdoc</groupId>
                        <artifactId>springdoc-openapi-ui</artifactId>
                        <version>1.6.6</version>
                </dependency>


        </dependencies>
</project>

Step 3: Define SwaggerConfig.java

 

SwaggerConfig.java

package com.sample.app.config;

import org.springframework.context.annotation.Configuration;

import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.info.Contact;
import io.swagger.v3.oas.annotations.info.Info;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.security.SecurityScheme;
import io.swagger.v3.oas.annotations.security.SecuritySchemes;

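/**
 * Declares the OpenAPI metadata and the two API-key security schemes for the generated document.
 *
 * <p>Both schemes are of type {@code APIKEY} and are carried as request headers named
 * {@code server.name} and {@code server.key}. Listing both under {@code security} on the
 * {@code @OpenAPIDefinition} is what makes Swagger UI's "Authorize" dialog prompt for each value
 * and attach both headers to the requests it sends.
 *
 * <p>This class only describes the schemes: its body is empty, and nothing here reads or
 * validates the headers on incoming requests. Enforcement has to be implemented separately
 * (for example a servlet filter or handler interceptor); none is part of this example.
 */
@Configuration
@OpenAPIDefinition(
        info = @Info(
                title = "Demo Application",
                version = "1.0.0",
                description = "Demo Application",
                contact = @Contact(name = "Java tutorial team", email = "test@test.com")
        ),
        security = {
                @SecurityRequirement(name = "serverName"),
                @SecurityRequirement(name = "key")
        }
)
@SecuritySchemes(value = {
        @SecurityScheme(name = "serverName",
                type = SecuritySchemeType.APIKEY,
                in = SecuritySchemeIn.HEADER,
                paramName = "server.name",
                description = "server name to authenticate"),
        @SecurityScheme(name = "key",
                type = SecuritySchemeType.APIKEY,
                in = SecuritySchemeIn.HEADER,
                paramName = "server.key",
                description = "server key to authenticate")
})
public class SwaggerConfig {

}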

Step 4: Define UserController class.

 

UserController.java

package com.sample.app.controller;

import java.util.HashMap;
import java.util.Map;

import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.enums.ParameterIn;

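/**
 * Demo endpoint that echoes the supplied name parts back to the caller.
 *
 * <p>{@code @CrossOrigin("*")} lets any web origin call this controller. That is convenient for
 * trying the API from Swagger UI, but for anything beyond a demo restrict it to the origins that
 * actually need access.
 *
 * <p>Nothing in this controller reads or checks the {@code server.name} / {@code server.key}
 * headers declared in {@code SwaggerConfig}; those schemes only appear in the OpenAPI document.
 */
@RestController
@RequestMapping("/api/v1/users")
@CrossOrigin("*")
public class UserController {

        /**
         * Returns the first and last name that were supplied, omitting any that were absent.
         *
         * <p>Both parameters are optional at the binding level ({@code @RequestParam(required = false)}),
         * and the {@code @Parameter} metadata now says the same, so the generated document matches
         * the runtime behaviour instead of advertising them as required.
         *
         * @param firstName optional first name, echoed under {@code "firstName"} when present
         * @param lastName optional last name, echoed under {@code "lastName"} when present
         * @return HTTP 200 with a body holding only the parameters that were supplied
         */
        @GetMapping("/by-name")
        public ResponseEntity<Map<String, Object>> infoByName(
                        @Parameter(name = "firstName", in = ParameterIn.QUERY, description = "firstName ex: krishna", required = false) @RequestParam(name = "firstName", required = false) String firstName,
                        @Parameter(name = "lastName", in = ParameterIn.QUERY, description = "lastName ex: krishna", required = false) @RequestParam(name = "lastName", required = false) String lastName) {

                Map<String, Object> myDetails = new HashMap<>();

                // Only supplied values are echoed, so an omitted parameter yields no key rather than a null.
                if (firstName != null) {
                        myDetails.put("firstName", firstName);
                }

                if (lastName != null) {
                        myDetails.put("lastName", lastName);
                }

                return ResponseEntity.ok(myDetails);
        }

}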

 

Step 5: Define main application class.

 

App.java

package com.sample.app;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Spring Boot entry point for the OpenAPI API-key example.
 */
@SpringBootApplication
public class App {

        /**
         * Boots the application context with {@link App} as the primary source.
         *
         * @param args command-line arguments handed through to Spring Boot
         */
        public static void main(String[] args) {
                SpringApplication application = new SpringApplication(App.class);
                application.run(args);
        }
}

 

Total project structure looks like below.

 

 



 

Run App.java.

 

Open the url ‘http://localhost:8080/swagger-ui/index.html’ in browser.




Click on the button ‘Authorize’.

 



Set the serverName as ‘s1’ and key as ‘k1’ and click on Authorize and close buttons.

 


 

Try the API ‘/api/v1/users/by-name’; you will observe that the following headers are sent with the request.

a.   server.name

b.   server.key

 

You can download the complete working application from this link.


