Using the 'security' attribute of the @Operation annotation, we can declare which security mechanisms apply to this operation.
Step 1: Define bearerAuth security scheme.
@Configuration
@OpenAPIDefinition(info = @Info(title = "Demo Application", version = "v1"))
@SecurityScheme(name = "bearerAuth", type = SecuritySchemeType.HTTP, bearerFormat = "JWT", scheme = "bearer")
public class OpenApi3Config {
}
Step 2: Apply bearerAuth scheme at method level.
@GetMapping("/by-city/{city}")
@Operation(summary = "My endpoint", security = { @SecurityRequirement(name = "bearerAuth") })
public ResponseEntity<Map<String, Object>> infoByCity(
        @Parameter(name = "city", description = "city ex: Bangalore")
        @PathVariable(name = "city") String city) {
    Map<String, Object> result = new HashMap<>();
    return ResponseEntity.ok(result);
}
A complete working application follows.
Step 1: Create a new Maven project ‘openapi-enable-bearer-token-scheme-at-method-level’.
Step 2: Update pom.xml with the Maven dependencies.
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.sample.app</groupId>
    <artifactId>openapi-enable-bearer-token-scheme-at-method-level</artifactId>
    <version>1</version>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.6.4</version>
    </parent>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-ui</artifactId>
            <version>1.6.6</version>
        </dependency>
    </dependencies>
</project>
Step 3: Define security scheme.
OpenApi3Config.java
package com.sample.app.config;
import org.springframework.context.annotation.Configuration;
import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.info.Info;
import io.swagger.v3.oas.annotations.security.SecurityScheme;
@Configuration
@OpenAPIDefinition(info = @Info(title = "Demo Application", version = "v1"))
@SecurityScheme(name = "bearerAuth", type = SecuritySchemeType.HTTP, bearerFormat = "JWT", scheme = "bearer")
public class OpenApi3Config {
}
Step 4: Define UserController class.
UserController.java
package com.sample.app.controller;

import java.util.HashMap;
import java.util.Map;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;

@RestController
@RequestMapping(value = "/api/v1/users")
// Allows cross-origin requests from any origin; restrict to known origins outside a demo.
@CrossOrigin("*")
public class UserController {

    // Declares the bearerAuth requirement, so Swagger UI attaches the token to this call.
    @GetMapping("/by-city/{city}")
    @Operation(summary = "My endpoint", security = { @SecurityRequirement(name = "bearerAuth") })
    public ResponseEntity<Map<String, Object>> infoByCity(
            @Parameter(name = "city", description = "city ex: Bangalore") @PathVariable(name = "city") String city) {
        Map<String, Object> result = new HashMap<>();
        return ResponseEntity.ok(result);
    }

    // No security requirement declared, so Swagger UI sends no Authorization header here.
    @GetMapping("/say-hello")
    public ResponseEntity<String> sayHello() {
        return ResponseEntity.ok("Good Morning!!!!");
    }
}
Step 5: Define main application class.
App.java
package com.sample.app;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class App {
    public static void main(String[] args) {
        SpringApplication.run(App.class, args);
    }
}
Total project structure looks like below.
Run App.java.
Open the URL ‘http://localhost:8080/swagger-ui/index.html’ to experiment with the Swagger endpoints.
Click the Authorize button and enter some random value as the token.
Click the Authorize button to apply the token, then click Close.
Experiment with the API /api/v1/users/by-city/{city}; you can observe that the Bearer token is attached to the Authorization header.
Experiment with the API ‘/api/v1/users/say-hello’; you can observe that the Bearer token is not passed in the ‘Authorization’ header.
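The @SecurityRequirement annotation only changes the generated OpenAPI document and what Swagger UI sends; nothing in this project validates the token, so it is worth checking which operations actually declare a requirement. The following is an added example, not part of the original application: a Python audit of an api-docs document that lists operations with no security requirement and requirements that name an undefined scheme. The sample document is constructed to match the shape of this page's controller, and the function and variable names are hypothetical.

```python
import json

# Constructed sample: trimmed api-docs JSON shaped like this page's
# UserController (not captured output from the application).
SAMPLE_API_DOCS = json.loads("""
{"openapi": "3.0.1",
 "paths": {
   "/api/v1/users/by-city/{city}": {"get": {"security": [{"bearerAuth": []}]}},
   "/api/v1/users/say-hello": {"get": {"responses": {"200": {"description": "OK"}}}}},
 "components": {"securitySchemes": {
   "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"}}}}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def audit_security(spec):
    """Return (operations without a requirement, references to undefined schemes)."""
    defined = set(spec.get("components", {}).get("securitySchemes", {}))
    global_reqs = spec.get("security", [])
    unauthenticated, undefined = [], []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            # Operation-level security overrides the root-level list;
            # an explicit empty list removes the requirement entirely.
            reqs = op.get("security", global_reqs)
            label = f"{method.upper()} {path}"
            # No requirement, or an empty {} alternative, documents anonymous access.
            if not reqs or any(req == {} for req in reqs):
                unauthenticated.append(label)
            for req in reqs:
                for name in req:
                    if name not in defined:
                        undefined.append((label, name))
    return unauthenticated, undefined


if __name__ == "__main__":
    open_ops, bad_refs = audit_security(SAMPLE_API_DOCS)
    print("No security requirement declared:", open_ops)
    print("Requirements naming undefined schemes:", bad_refs)
```

Against the running application, load the JSON from springdoc's default /v3/api-docs endpoint instead of the sample.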
You can download complete working application from this link.