Fix swagger Authorization header

ezphyki · Jul 19, 2020 · 6b076ad · 6b076ad
1 parent c341ba4
commit 6b076ad
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 8 deletions.
diff --git a/src/main/java/murraco/configuration/SwaggerConfig.java b/src/main/java/murraco/configuration/SwaggerConfig.java
@@ -1,7 +1,8 @@
 package murraco.configuration;
 
-import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 import java.util.Optional;
 
 import org.springframework.context.annotation.Bean;
@@ -14,9 +15,12 @@
 import springfox.documentation.builders.RequestHandlerSelectors;
 import springfox.documentation.service.ApiInfo;
 import springfox.documentation.service.ApiKey;
+import springfox.documentation.service.AuthorizationScope;
 import springfox.documentation.service.Contact;
+import springfox.documentation.service.SecurityReference;
 import springfox.documentation.service.Tag;
 import springfox.documentation.spi.DocumentationType;
+import springfox.documentation.spi.service.contexts.SecurityContext;
 import springfox.documentation.spring.web.plugins.Docket;
 import springfox.documentation.swagger2.annotations.EnableSwagger2;
 
@@ -33,22 +37,40 @@ public Docket api() {
         .build()//
         .apiInfo(metadata())//
         .useDefaultResponseMessages(false)//
-        .securitySchemes(new ArrayList<>(Arrays.asList(new ApiKey("Bearer %token", "Authorization", "Header"))))//
+        .securitySchemes(Collections.singletonList(apiKey()))
+        .securityContexts(Collections.singletonList(securityContext()))
+        // .securitySchemes(Arrays.asList(new ApiKey("Bearer %token", "Authorization", "Header")))//
         .tags(new Tag("users", "Operations about users"))//
-        .tags(new Tag("ping", "Just a ping"))//
         .genericModelSubstitutes(Optional.class);
 
   }
 
   private ApiInfo metadata() {
     return new ApiInfoBuilder()//
         .title("JSON Web Token Authentication API")//
-        .description(
-            "This is a sample JWT authentication service. You can find out more about JWT at [https://jwt.io/](https://jwt.io/). For this sample, you can use the `admin` or `client` users (password: admin and client respectively) to test the authorization filters. Once you have successfully logged in and obtained the token, you should click on the right top button `Authorize` and introduce it with the prefix \"Bearer \".")//
+        .description("This is a sample JWT authentication service. You can find out more about JWT at [https://jwt.io/](https://jwt.io/). For this sample, you can use the `admin` or `client` users (password: admin and client respectively) to test the authorization filters. Once you have successfully logged in and obtained the token, you should click on the right top button `Authorize` and introduce it with the prefix \"Bearer \".")//
         .version("1.0.0")//
         .license("MIT License").licenseUrl("http://opensource.org/licenses/MIT")//
         .contact(new Contact(null, null, "[email protected]"))//
         .build();
   }
+
+  private ApiKey apiKey() {
+    return new ApiKey("Authorization", "Authorization", "header");
+  }
+
+  private SecurityContext securityContext() {
+    return SecurityContext.builder()
+        .securityReferences(defaultAuth())
+        .forPaths(PathSelectors.any())
+        .build();
+  }
+
+  private List<SecurityReference> defaultAuth() {
+    AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
+    AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
+    authorizationScopes[0] = authorizationScope;
+    return Arrays.asList(new SecurityReference("Authorization", authorizationScopes));
+  }
 
 }
diff --git a/src/main/java/murraco/controller/UserController.java b/src/main/java/murraco/controller/UserController.java
@@ -19,6 +19,7 @@
 import io.swagger.annotations.ApiParam;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
+import io.swagger.annotations.Authorization;
 import murraco.dto.UserDataDTO;
 import murraco.dto.UserResponseDTO;
 import murraco.model.User;
@@ -59,7 +60,7 @@ public String signup(@ApiParam("Signup User") @RequestBody UserDataDTO user) {
 
   @DeleteMapping(value = "/{username}")
   @PreAuthorize("hasRole('ROLE_ADMIN')")
-  @ApiOperation(value = "${UserController.delete}")
+  @ApiOperation(value = "${UserController.delete}", authorizations = { @Authorization(value="apiKey") })
   @ApiResponses(value = {//
       @ApiResponse(code = 400, message = "Something went wrong"), //
       @ApiResponse(code = 403, message = "Access denied"), //
@@ -72,7 +73,7 @@ public String delete(@ApiParam("Username") @PathVariable String username) {
 
   @GetMapping(value = "/{username}")
   @PreAuthorize("hasRole('ROLE_ADMIN')")
-  @ApiOperation(value = "${UserController.search}", response = UserResponseDTO.class)
+  @ApiOperation(value = "${UserController.search}", response = UserResponseDTO.class, authorizations = { @Authorization(value="apiKey") })
   @ApiResponses(value = {//
       @ApiResponse(code = 400, message = "Something went wrong"), //
       @ApiResponse(code = 403, message = "Access denied"), //
@@ -84,7 +85,7 @@ public UserResponseDTO search(@ApiParam("Username") @PathVariable String usernam
 
   @GetMapping(value = "/me")
   @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_CLIENT')")
-  @ApiOperation(value = "${UserController.me}", response = UserResponseDTO.class)
+  @ApiOperation(value = "${UserController.me}", response = UserResponseDTO.class, authorizations = { @Authorization(value="apiKey") })
   @ApiResponses(value = {//
       @ApiResponse(code = 400, message = "Something went wrong"), //
       @ApiResponse(code = 403, message = "Access denied"), //