Wednesday, 13 April 2022

Spring: openAPI: Enable bearer token authentication scheme at method level

Using 'security' attribute of @Operation annotation, we can declare which security mechanisms can be used for this operation.

 

Step 1: Define bearerAuth security scheme.

@Configuration
@OpenAPIDefinition(info = @Info(title = "Demo Application", version = "v1"))
@SecurityScheme(name = "bearerAuth", type = SecuritySchemeType.HTTP, bearerFormat = "JWT", scheme = "bearer")
public class OpenApi3Config {

}

Step 2: Apply bearerAuth scheme at method level.

@GetMapping("/by-city/{city}")
@Operation(summary = "My endpoint", security = { @SecurityRequirement(name = "bearerAuth") })
public ResponseEntity<Map<String, Object>> infoByCity(
		@Parameter(name = "city", description = "city ex: Bangalore") 
		@PathVariable(name = "city") String city) {

	Map<String, Object> result = new HashMap<>();

	return ResponseEntity.ok(result);

}

Find the below working application.

 

Step 1: Create new maven project ‘openapi-enable-bearer-token-scheme-at-method-level’.

 

Step 2: Update pom.xml with maven dependencies.

 

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>com.sample.app</groupId>
	<artifactId>openapi-enable-bearer-token-scheme-at-method-level</artifactId>
	<version>1</version>

	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.6.4</version>
	</parent>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>


		<dependency>
			<groupId>org.springdoc</groupId>
			<artifactId>springdoc-openapi-ui</artifactId>
			<version>1.6.6</version>
		</dependency>


	</dependencies>

</project>

Step 3: Define security scheme.

 

OpenApi3Config.java

package com.sample.app.config;

import org.springframework.context.annotation.Configuration;

import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.info.Info;
import io.swagger.v3.oas.annotations.security.SecurityScheme;

@Configuration
@OpenAPIDefinition(info = @Info(title = "Demo Application", version = "v1"))
@SecurityScheme(name = "bearerAuth", type = SecuritySchemeType.HTTP, bearerFormat = "JWT", scheme = "bearer")
public class OpenApi3Config {

}

Step 4: Define UserController class.

 

UserController.java

package com.sample.app.controller;

import java.util.HashMap;
import java.util.Map;

import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;;

@RestController
@RequestMapping(value = "/api/v1/users")
@CrossOrigin("*")
public class UserController {

	@GetMapping("/by-city/{city}")
	@Operation(summary = "My endpoint", security = { @SecurityRequirement(name = "bearerAuth") })
	public ResponseEntity<Map<String, Object>> infoByCity(
			@Parameter(name = "city", description = "city ex: Bangalore") @PathVariable(name = "city") String city) {

		Map<String, Object> result = new HashMap<>();

		return ResponseEntity.ok(result);

	}

	@GetMapping("/say-hello")
	public ResponseEntity<String> sayHello() {
		return ResponseEntity.ok("Good Morning!!!!");

	}

}

Step 5: Define main application class.

 

App.java

package com.sample.app;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class App {
	public static void main(String[] args) {

		SpringApplication.run(App.class, args);

	}
}

Total project structure looks like below.




Run App.java.

 

Open the url ‘http://localhost:8080/swagger-ui/index.html’ to experiment with swagger endpoint.




Click on Authorize button, and enter some random value to the token.

 

 


Click on the button Authorize token, followed by Close button.

 

Experiment with the api /api/v1/users/by-city/{city}, you can observe that the Bearer token is attached to Authorization header.

 

 


Experiment with the api ‘/api/v1/users/say-hello’, you can observe that the Bearer token is not passed in the ‘Authorization’ header.




You can download complete working application from this link.



 

Previous                                                    Next                                                    Home

No comments:

Post a Comment