![](/img/trans.png)
[英]How to add Header with Authorization for springdoc-openapi endpoint calls
[英]Documenting Spring Security's form login endpoint with springdoc-openapi
我需要幫助找到一種方法來使 Spring Security 的表單登錄端點在帶有 springdoc-openapi 的 swagger-ui 中工作。 我正在使用 SpringBoot 2.7.5 和 Spring Security 5.7.4,這些是項目依賴項的 rest:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>1.6.12</version>
</dependency>
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-security</artifactId>
<version>1.6.12</version>
</dependency>
</dependencies>
Spring 用於通過表單登錄和定義用戶登錄詳細信息保護 /foos/ 端點的安全簡單配置。
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/foos/**")
.authenticated()
.and()
.formLogin()
.permitAll()
.and()
.logout()
.permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth, PasswordEncoder passwordEncoder) throws Exception {
auth.inMemoryAuthentication()
.withUser("user")
.password(passwordEncoder.encode("password"))
.roles("USER");
}
}
還有 foos Controller:
@RestController
@RequestMapping("foos")
public class FooController {
@GetMapping(value = "/{id}")
public Foo findById(@PathVariable("id") final Long id) {
return new Foo(randomAlphabetic(6));
}
@GetMapping
public List<Foo> findAll() {
return Lists.newArrayList(new Foo(randomAlphabetic(6)));
}
@PostMapping
@ResponseStatus(HttpStatus.CREATED)
public Foo create(@RequestBody final Foo foo) {
return foo;
}
}
還提供此屬性: springdoc.show-login-endpoint=true
並且登錄端點在 swagger-ui 中公開,但唯一的問題是唯一的請求正文類型是application/json
並且它在請求正文中將憑據發送為 json這會導致UsernamePasswordAuthenticationFilter
中的用戶名/密碼為 null。
示例代碼回購: https://github.com/adrianbob/springdoc-form-login
是否可以將請求主體類型配置為 application/x-www-form-urlencoded,以便表單登錄有效?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.