Springboot Oauth2 集成Swagger2权限验证实战

SAMXIE 2020-04-22

Swagger是什么?能干什么?在这就不展开讲解了。本文主要讲解如何集成OAuth2的Password模式权限验证,验证接口是否具有权限。

  1. 引入依赖
<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-swagger2</artifactId>
    <version>2.9.2</version>
</dependency>
<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-swagger-ui</artifactId>
    <version>2.9.2</version>
</dependency>

2.SwaggerConfig配置

package com.entfrm.core.swagger.config;

import com.entfrm.core.base.config.GlobalConfig;
import io.swagger.annotations.ApiOperation;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.OAuthBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.*;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

import java.util.Arrays;
import java.util.Collections;

/**
 * @author entfrm
 * @date 2020/4/14
 * @description swagger 配置
 */
@Configuration
@EnableSwagger2
public class SwaggerConfig {

    @Bean
    public Docket createRestApi() {
        return new Docket(DocumentationType.SWAGGER_2)
                .pathMapping("/dev")
                .apiInfo(apiInfo())
                .select()
                .apis(RequestHandlerSelectors.withMethodAnnotation(ApiOperation.class))
                .paths(PathSelectors.any())
                .build()
                .securitySchemes(Collections.singletonList(securitySchemes()))
                .securityContexts(Collections.singletonList(securityContexts()));
    }


    /**
     * 认证方式使用密码模式
     */
    private SecurityScheme securitySchemes() {
        GrantType grantType = new ResourceOwnerPasswordCredentialsGrant("/dev/oauth/token");

        return new OAuthBuilder()
                .name("Authorization")
                .grantTypes(Collections.singletonList(grantType))
                .scopes(Arrays.asList(scopes()))
                .build();
    }

    /**
     * 设置 swagger2 认证的安全上下文
     */
    private SecurityContext securityContexts() {
        return SecurityContext.builder()
                .securityReferences(Collections.singletonList(new SecurityReference("Authorization", scopes())))
                .forPaths(PathSelectors.any())
                .build();
    }

    /**
     * 允许认证的scope
     */
    private AuthorizationScope[] scopes() {
        AuthorizationScope authorizationScope = new AuthorizationScope("test", "接口测试");
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
        authorizationScopes[0] = authorizationScope;
        return authorizationScopes;
    }

    /**
     * 添加摘要信息
     */
    private ApiInfo apiInfo() {
        // 用ApiInfoBuilder进行定制
        return new ApiInfoBuilder()
                // 设置标题
                .title(GlobalConfig.getName())
                // 描述
                .description(GlobalConfig.getName() + "接口文档")
                // 作者信息
                .contact(new Contact("entfrm", "http://47.100.3.58/", ""))
                // 版本
                .version("版本号:" + GlobalConfig.getVersion())
                .build();
    }
}

3.在Controller中注解@Api,@ApiOperation

/**
 * @author entfrm
 * @date 2020-04-01 10:04:11
 * @description 文章Controller
 */
@Api("文章管理")
@RestController
@AllArgsConstructor
@RequestMapping("/cms/article")
public class ArticleController {

    private final CategoryService categoryService;
    private final ArticleService articleService;

    @ApiOperation("文章列表")
    @PreAuthorize("@ps.hasPerm(‘article_view‘)")
    @GetMapping("/list")
    @ResponseBody
    public R list(Page page, Article article) {
        IPage<Article> articlePage = articleService.page(page, getQueryWrapper(article));
        return R.ok(articlePage.getRecords(), articlePage.getTotal());
    }
}

4.重启看下效果
Springboot Oauth2 集成Swagger2权限验证实战

5.码云地址

源码下载

相关推荐