Enabling the /oauth/token endpoint in springdoc-openapi-ui

Stack Overflow user
Asked on 2020-12-19 01:56:22
Answers 1, Views 510, Followers 0, Votes 3

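I am upgrading from springfox-swagger2 to springdoc-openapi-ui. I use the swagger definition on the frontend to auto-generate types. The /oauth/token endpoint is missing in springdoc-openapi-ui. Here is my configuration: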

@Configuration
@OpenAPIDefinition(info = @Info(title = "title",
        description = "description", version = "v1"))
@SecurityScheme(name = "security_auth", type = SecuritySchemeType.OAUTH2,
        flows = @OAuthFlows(password = @OAuthFlow(
                authorizationUrl = "${oauth.auth.url}",
                tokenUrl = "${oauth.auth.url}/oauth/token", refreshUrl = "${oauth.auth.url}",
                scopes = {@OAuthScope(name = "all", description = "all scope")})))
public class OpenApiConfig {}

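I have an authentication server that is part of the same application (it shares the same pom.xml with my resource server). The spring-security-oauth2 configuration for the auth server looks like this: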

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private DataSource dataSource;

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    public AuthorizationServerConfiguration() {
        super();
    }

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    // config

    @Override
    public void configure(final AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer.passwordEncoder(this.passwordEncoder)
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }

    @Override
    public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(tokenStore())
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }
}

My resource server looks like this:

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;
    
    @Override
    public void configure(ResourceServerSecurityConfigurer security) throws Exception {
        security.tokenStore(tokenStore);
    }
    
    @Override
    public void configure(HttpSecurity http) throws Exception {
        //@formatter:off
            http
            .authorizeRequests()
            .antMatchers("/roles/**").hasRole("INTERNAL")
            .antMatchers("/priveleges/**").hasRole("INTERNAL")
            .antMatchers("/gameSync/**").hasAnyRole("ADMIN", "INTERNAL")
            .antMatchers(HttpMethod.POST, "/user").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll()
            .antMatchers("/v3/**", "/v2/api-docs", "/configuration/**", "/swagger*/**", "/webjars/**", "/").permitAll()
            .anyRequest().authenticated()
            .and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and().exceptionHandling().accessDeniedHandler(accessDeniedHandler());
        //@formatter:on
    }

    @Bean
    public AccessDeniedHandler accessDeniedHandler() {
        return new OAuth2AccessDeniedHandler();
    }
}

So the security configuration is very basic, since the resource server defines most of it:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private IUserService userService;

    @Override
    public void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }
}

1 Answer

Stack Overflow user

Posted on 2021-01-09 00:02:19

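As stated here in the springdoc-openapi java library documentation, for projects that use spring-security you should add the springdoc-openapi-security dependency.

This way, swagger-ui will also render the oauth endpoints:

Also, if you want to hide certain paths, you can use the springdoc.paths-to-exclude property, documented here.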

Votes 0
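
The dependency and the property the answer refers to, shown as an added example that is not part of the original answer. The version placeholder and the list of excluded paths are assumptions; the paths are spring-security-oauth2 framework endpoints that a frontend type generator does not normally need.

```xml
<!-- pom.xml: add next to the existing springdoc-openapi-ui dependency. -->
<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-security</artifactId>
    <!-- Placeholder (assumption): use the same version as springdoc-openapi-ui in this project. -->
    <version>${springdoc.version}</version>
</dependency>

<!--
  application.properties (assumed paths; keep /oauth/token documented, since the
  @SecurityScheme tokenUrl above points at it, and drop whatever else appears in
  the generated document that clients should not see):

  springdoc.paths-to-exclude=/oauth/check_token,/oauth/token_key,/oauth/confirm_access,/oauth/error
-->
```

springdoc.paths-to-exclude only removes paths from the generated document; access to the endpoints themselves is still decided by the Spring Security configuration in the question.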
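The original content of this page is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: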

https://stackoverflow.com/questions/65361769
