Security is not added to Swagger from Open API generator
I am working on a new project in my team and we are implementing an API following the API first methodology. We are using openapi-generator-maven-plugin to generate our API from an yml file of format OpenAPI 3.0.3. To generate the swagger file we use springfox 2.9.2. The issue that I am facing is when I am trying to add security to the swagger for the requests.
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
security:
- bearerAuth: [ ]
The Authorize button doesn't appear in swagger page, only the lock near to the request appears but it doesn't do anything (see picture below).
What I observed is that if I open the /v2/api-docs the swagger json doesn't include the security definitions part.
The only way that I managed to add security is by adding by code in the Docket object the security part like so:
new Docket(DocumentationType.SWAGGER_2)
.securityContexts(Collections.singletonList(securityContext()))
.securitySchemes(Collections.singletonList(bearerJwtKey()))
.select()
.apis(RequestHandlerSelectors.basePackage("com.example"))
.paths(PathSelectors.any())
.build();
Is this the only way to add security to Swagger UI or am I missing something?
Reason: Bearer Auth isn't implemented in spring library yet :(
Workaround solution - extend generated Docket:
Import generated config class and then add a security schema (ApiKey) to the existing Docket bean. Example:
@Configuration
@Import(OpenAPIDocumentationConfig.class) // openapi generated config class
public class SwaggerConfiguration {
@Autowired
ApplicationContext context;
@PostConstruct
public void extendExistingDocketWithSecurity() {
Docket docket = context.getBean(Docket.class);
docker.securitySchemes(Collections.singletonList(bearer()));
}
private static ApiKey bearer() {
// where "bearerAuth" - name of your schema in YML spec. file
return new ApiKey ("bearerAuth", HttpHeaders.AUTHORIZATION, "header");
}
Done! You're awesome! Now you're using generated swagger config without overriding, but just extending
- maven-shade-plugin - Cannot find 'resource' in class org.apache.maven.plugins.shade.resource.ManifestResourceTransformer
- How to call another api from same app in spring boot
- Spring initializing the @Value annotation property from a static field
- 403 Forbidden when introducing authorization on spring boot rest
- org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Unrecognized field "error" not marked as ignorable
- Stackoverflow when evaluate expression intellij with JPA Spring Boot
- Spring Boot - no log file written (logging.file is not respected)
- How can I create two beans of same class in a Spring Context?
- How to inject multiple implementations of same type with Spring Boot?
- How to log the active configuration in a Spring Boot application?
- Cannot debug / stop a springboot app with IntelliJ Idea community
- How to manage application.properties in Github CI/CD
- spring boot application running but endpoint throwing 404
- GraalVM native image build fails using EclipseStore: Unable to access java.util.Collections$SetFromMap despite --add-opens
- Designing one-to-one and one-to-many relationships in Spring Data R2DBC
- Spring Boot - Custom JsonDeserializer is ignored
- How to change the background color of Anchore
- Spring Security error creating bean with name 'securityConfig': Injection of autowired dependencies failed
- @Transactional rollback is not working in spring boot application?
- Swagger declaration schema = @Schema(implementation = Map.class) represents Schema as String in swagger-ui
- Is there a way to disable Testcontainers depending on Spring profile?
- Use Entra ID as Identity Provider for Client Credentials flow
- How to collect all fields annotated with @RequestParam into one object
- Adding a new package broke my Spring Boot Application
- Spring boot validation problem: understanding the MethodArgumentNotValidException
- Are multiple requests handled by single thread in Spring Boot until certain requests threshold is reached?
- SpringBoot OpenAPI definition polymorphism with anyOf and discriminatorProperty
- Compilation error after upgrading to JDK 21 - "NoSuchFieldError: JCImport does not have member field JCTree qualid"
- Springboot endpoint 403 OPTIONS when doing a POST request
- Springboot not triggering custom authentication for my loaduserbyusername method