Thursday 14 April 2022

Spring: openAPI: Enable authorize button for Basic authentication

In this post, I am going to explain how to enable the Authorize button in the OpenAPI documentation and apply the configured security scheme at the REST controller level.

 

Step 1: Define a global security scheme using the @SecurityScheme and @Configuration annotations.

@Configuration
@OpenAPIDefinition(info = @Info(title = "Demo API", version = "v1"))
@SecurityScheme(name = "basicAuth", type = SecuritySchemeType.HTTP, scheme = "basic")
public class OpenApi3Config {

}

 

Step 2: Annotate the REST controller class with @SecurityRequirement, referring to the basicAuth scheme defined in step 1.

@RestController
@RequestMapping(value = "/api/v1/users")
@CrossOrigin("*")
@SecurityRequirement(name = "basicAuth")
public class UserController {
	......
	......
}

 

A complete working application follows.

 

Step 1: Create a new Maven project ‘openapi-enable-basic-auth-scheme’.

 

Step 2: Update pom.xml with the Maven dependencies.

 

pom.xml

 

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>com.sample.app</groupId>
	<artifactId>openapi-enable-basic-auth-scheme</artifactId>
	<version>1</version>

	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.6.4</version>
	</parent>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>


		<dependency>
			<groupId>org.springdoc</groupId>
			<artifactId>springdoc-openapi-ui</artifactId>
			<version>1.6.6</version>
		</dependency>


	</dependencies>

</project>

 

Step 3: Define security scheme.

 

OpenApi3Config.java

 

package com.sample.app.config;

import org.springframework.context.annotation.Configuration;

import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.info.Info;
import io.swagger.v3.oas.annotations.security.SecurityScheme;

@Configuration
@OpenAPIDefinition(info = @Info(title = "Demo API", version = "v1"))
@SecurityScheme(name = "basicAuth", type = SecuritySchemeType.HTTP, scheme = "basic")
public class OpenApi3Config {

}

Step 4: Define UserController and apply the security scheme at class level.

 

UserController.java

package com.sample.app.controller;

import java.util.HashMap;
import java.util.Map;

import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;

@RestController
@RequestMapping(value = "/api/v1/users")
@CrossOrigin("*")
@SecurityRequirement(name = "basicAuth")
public class UserController {

	@GetMapping("/by-city/{city}")
	public ResponseEntity<Map<String, Object>> infoByCity(
			@Parameter(name = "city", description = "city ex: Bangalore") @PathVariable(name = "city") String city) {

		Map<String, Object> result = new HashMap<>();

		return ResponseEntity.ok(result);

	}


}

Step 5: Define main application class.

 

App.java

package com.sample.app;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class App {
	public static void main(String[] args) {

		SpringApplication.run(App.class, args);

	}
}

Total project structure looks like below.



Run App.java.

 

Open the URL ‘http://localhost:8080/swagger-ui/index.html’ in a browser. You will see the ‘Authorize’ button in the top right corner.

 


Click on the ‘Authorize’ button.

 


Provide a username and password, then click the Authorize button followed by the Close button.

 

Now, when you experiment with the REST API, you can observe that the Basic credentials are passed in the Authorization header.
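@SecurityScheme and @SecurityRequirement only describe the Basic scheme in the generated OpenAPI document; the pom.xml above has no Spring Security dependency, so nothing on the server checks the header that Swagger UI sends. The following is an added example (not part of the original post) of enforcing it on the same Spring Boot 2.6.x project. It assumes spring-boot-starter-security is added to pom.xml; the class name SecurityConfig, the user name demo and the property demo.api.password are hypothetical.

```java
package com.sample.app.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

// Added example: hypothetical class, assumes spring-boot-starter-security is on the classpath.
@Configuration
public class SecurityConfig {

	@Bean
	public SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
		http
			.authorizeHttpRequests(auth -> auth
				// Swagger UI and the generated spec stay readable so the Authorize dialog can load.
				.antMatchers("/swagger-ui/**", "/swagger-ui.html", "/v3/api-docs/**").permitAll()
				// Everything else, including /api/v1/users/**, needs valid credentials.
				.anyRequest().authenticated())
			// Validate the "Authorization: Basic ..." header; reply 401 when it is missing or wrong.
			.httpBasic(Customizer.withDefaults())
			// No server-side session: every request must carry the header.
			.sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
		return http.build();
	}

	@Bean
	public PasswordEncoder passwordEncoder() {
		// Delegating encoder; stores new passwords as bcrypt hashes.
		return PasswordEncoderFactories.createDelegatingPasswordEncoder();
	}

	@Bean
	public UserDetailsService users(PasswordEncoder encoder,
			@Value("${demo.api.password}") String password) { // hypothetical property, set outside source control
		// Single in-memory user for the demo; "demo" is a constructed name.
		return new InMemoryUserDetailsManager(
			User.withUsername("demo").password(encoder.encode(password)).roles("USER").build());
	}
}
```

Basic credentials are only base64-encoded in the header, so the API should be served over HTTPS once this check is in place.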

 


You can download complete working application from this link.


 
