Login/Register
Spring Zuul Gateway Swagger-UI For All Micro-services
Asked Answered
spring-bootswaggerspring-security-oauth2netflix-zuul
S

0

8

(I'm sorry if I'm not making any sense, it's pretty late and I just can't seem to find an answer)

We're using spring boot microservices, with a netflix zuul gateway, and we'd like to access all the endpoint listings there. We have swagger-ui set up on the gateway, and we can curl the /v2/api-docs of our micro-services, but we have no idea how we could show that in the swagger-ui.

I tried using this method first. (I'm linking from pastebin, because it's fairly long, and I don't know if it's considered bad practise to include it in a post.)
It showed me the endpoints of the gateway, but not the micro-services. It also let me get a token from our auth-service.

Then I tried this one, with this I actually get a 401 from the micro-services I added. 

@Component
@Primary
@EnableAutoConfiguration
public class SwaggerAggregatorController implements SwaggerResourcesProvider {
    @Override
    public List<SwaggerResource> get() {
        List<SwaggerResource> resources= new ArrayList<>();
        SwaggerResource swaggerResource = new SwaggerResource();
        swaggerResource.setName("ms-name");
        swaggerResource.setLocation("/ms-name/v2/api-docs");
        swaggerResource.setSwaggerVersion("2.0");

        resources.add(swaggerResource);
        return resources;
    }
}

I can get the json with http://gateway/ms/v2/api-docs in postman, using a Bearer token.
We use OAuth2. Of course when I load up swagger-ui I get the expected 

{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}

So I should add a Bearer token to the requests, but I'd need to get that from the auth-service, which uses OAuth2. How should I go about authorising swagger so it could get all the resources from the other micro-services?

Again, my apologies if I'm not making any sense.

If there's any additional information I should provide please tell me!

EDIT: So I've removed authentication from /v2/api-docs on the micro-services, so that the front-end people can work their magic too. Obviously I'd like to keep it secure, but this was the only fix I've found. Albeit temporary, and not that secure. Plus, almost all the endpoints need a bearer token to work, so the "Try it out!" part of swagger is useless at the moment.

Seurat answered 12/8, 2018 at 21:40 Comment(1)
have you found any solutions?Turbit

© 2022 - 2024 — McMap. All rights reserved.