Security is not added to Swagger from Open API generator

I am working on a new project in my team and we are implementing an API following the API first methodology. We are using openapi-generator-maven-plugin to generate our API from a yml file of format OpenAPI 3.0.3. To generate the swagger file we use springfox 2.9.2. The issue that I am facing is when I am trying to add security to the swagger for the requests.

components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
security:
  - bearerAuth: [ ]

The Authorize button doesn't appear in swagger page, only the lock near to the request appears but it doesn't do anything (see picture below).

What I observed is that if I open the /v2/api-docs the swagger json doesn't include the security definitions part.

The only way that I managed to add security is by adding the security part in code on the Docket object, like so:

new Docket(DocumentationType.SWAGGER_2)
    .securityContexts(Collections.singletonList(securityContext()))
    .securitySchemes(Collections.singletonList(bearerJwtKey()))
    .select()
    .apis(RequestHandlerSelectors.basePackage("com.example"))
    .paths(PathSelectors.any())
    .build();

Is this the only way to add security to Swagger UI or am I missing something?


Ical answered 30/7, 2021 at 6:1 Comment(2)
Hi! Have you found a solution? - Kling
@Kling please check out my workaround solution - Trochilus
Reason: Bearer Auth isn't implemented in spring library yet :(

Workaround solution - extend generated Docket:

Import generated config class and then add a security schema (ApiKey) to the existing Docket bean. Example:

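import java.util.Collections;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpHeaders;
import springfox.documentation.service.ApiKey;
import springfox.documentation.spring.web.plugins.Docket;
// also import OpenAPIDocumentationConfig from the package your generator writes it to

@Configuration
@Import(OpenAPIDocumentationConfig.class) // openapi generated config class
public class SwaggerConfiguration {
   @Autowired
   ApplicationContext context;

   // Runs after the generated Docket bean exists and adds the scheme to it
   @PostConstruct
   public void extendExistingDocketWithSecurity() {
      Docket docket = context.getBean(Docket.class);
      docket.securitySchemes(Collections.singletonList(bearer()));
   }

   private static ApiKey bearer() {
      // where "bearerAuth" - name of your schema in YML spec. file
      return new ApiKey("bearerAuth", HttpHeaders.AUTHORIZATION, "header");
   }
}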

Done! You're awesome! Now you're using generated swagger config without overriding, but just extending

Trochilus answered 18/10, 2021 at 14:27 Comment(4)
Just a very very small correction: the link you probably wanted to provide is from spring generator, not from java generator. In Java generator it says that it is supported, but not in spring one, as you pointed out. Here is the correct link openapi-generator.tech/docs/generators/spring/#security-feature - Mallorymallow
@MarcoBlos of course I said it's spring in my first line. Nobody asked for java generator. Question was about spring, and I wrote about spring - Trochilus
I agree with you and your response is correct. I just pointed to the link you added. The link points to Java Generator instead of Spring Generator. I tried to edit your post, but the queue was full. - Mallorymallow
I have the same issue with apiKey and it is supported - Doncaster
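A check for the symptom described in the question (operations carry a `bearerAuth` requirement, but `/v2/api-docs` has no security definitions), which can also confirm the workaround took effect. This is an added example, not code from the thread; the sample document is constructed and the function names `audit_security` and `with_api_key` are hypothetical.

```python
# Constructed sample: shape of a Swagger 2.0 document as served at /v2/api-docs,
# with an operation that requires "bearerAuth" but no securityDefinitions section.
SAMPLE_BROKEN = {
    "swagger": "2.0",
    "paths": {"/orders": {
        "get": {"operationId": "listOrders", "security": [{"bearerAuth": []}]},
        "post": {"operationId": "createOrder"},
    }},
}

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def audit_security(doc):
    """Return (undefined, unsecured): requirements naming a scheme missing from
    securityDefinitions, and operations with no effective security requirement."""
    defined = set(doc.get("securityDefinitions", {}))
    global_req = doc.get("security", [])
    undefined, unsecured = [], []
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip "parameters", "$ref" and vendor extensions
            # Operation-level security overrides the document-level default.
            reqs = op.get("security", global_req)
            label = f"{method.upper()} {path}"
            if not any(reqs):
                unsecured.append(label)  # no scheme is required for this call
            for req in reqs:
                for scheme in req:
                    if scheme not in defined:
                        undefined.append((label, scheme))
    return undefined, unsecured

def with_api_key(doc, name="bearerAuth"):
    """Copy of doc with a Swagger 2.0 apiKey definition passed in the
    Authorization header, matching the ApiKey arguments in the answer."""
    fixed = dict(doc)
    fixed["securityDefinitions"] = {
        name: {"type": "apiKey", "name": "Authorization", "in": "header"}
    }
    return fixed

if __name__ == "__main__":
    print(audit_security(SAMPLE_BROKEN))                # dangling requirement reported
    print(audit_security(with_api_key(SAMPLE_BROKEN)))  # requirement now resolves
```

Swagger 2.0 has no HTTP bearer scheme type, only `basic`, `apiKey` and `oauth2`, which is why the workaround models the token as an `apiKey` in the `Authorization` header. The value entered in the Authorize dialog is sent as that header verbatim, so it has to include the `Bearer ` prefix.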
