1. Preface
Swagger 3.0 has been released for some time now, and has been used by more and more projects as a very useful documentation tool. And JWT is also the most commonly used security technology for front-end and back-end separation. So how do you add JWT Token to Swagger 3.0?
2. Adding JWTs in Swagger2
Let’s first review how JWT was added in Swagger2. In Swagger2 we declare the Docket
bean with a global parameter to inject an Authorization
request header.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
private List<Parameter> jwtToken() {
String jwt = "Bearer {jwt}";
ParameterBuilder tokenPar = new ParameterBuilder();
List<Parameter> pars = new ArrayList<>();
// 声明 key
tokenPar.name("Authorization")
// 文字说明
.description("jwt令牌")
// 类型为字符串
.modelRef(new ModelRef("string"))
// 参数形式为 header 参数
.parameterType("header")
// 默认值
.defaultValue(jwt)
// 是否必须
.required(false);
pars.add(tokenPar.build());
return pars;
}
@Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.apiInfo(apiInfo())
.globalOperationParameters(jwtToken())
.select()
.apis(RequestHandlerSelectors.any())
.paths(PathSelectors.any())
.build();
}
|
The effect is as follows, you just need to populate an available Jwt Token and you’re done.
But this approach only works for Swagger2 and doesn’t work in Swagger3.
3. Adding JWT in Swagger3
So how should I do it in Swagger3? Swagger3 is also injected in the declaration Docket
bean, as follows.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
@Bean
public Docket api() {
return new Docket(DocumentationType.OAS_30)
.apiInfo(apiInfo())
.securitySchemes(Collections.singletonList(HttpAuthenticationScheme.JWT_BEARER_BUILDER
// 显示用
.name("JWT")
.build()))
.securityContexts(Collections.singletonList(SecurityContext.builder()
.securityReferences(Collections.singletonList(SecurityReference.builder()
.scopes(new AuthorizationScope[0])
.reference("JWT")
.build()))
// 声明作用域
.operationSelector(o -> o.requestMappingPattern().matches("/.*"))
.build()))
.select()
.apis(RequestHandlerSelectors.any())
.paths(PathSelectors.any())
.build();
}
|
The configuration of JWT
is done through the securitySchemes
and securityReferences
methods provided by Docket
in Swagger3. The result and the flow are as follows.
We can see that the request will submit a Bearer Token :
It feels a bit more complicated to set up JWT in Swagger3 than in Swagger2, but it works just fine.
4. Summary
As two tools that are often used in projects, we don’t need to know the exact principle, just how to simplify our use and development.
Reference https://felord.cn/swagger-jwt.html