Table of Contents
1. Overview
Swagger is very popular Rest API documentation tool, In this article, we will learn about how to the static header to all rest service which is called by swagger with the default value. We will also learn how to call secure API using Swagger in spring boot application. Most common way to secure API is basic authentication or secure using OAuth2 implementation.
The requirement of static header is that:
- With basic authentication we need to pass Authorization header with combination of username:password.
- While working with OAuth2 we requires to pass Authorization header with bearer [token].
- Some times we requires to request header to each and every API at that we requires to pass static header to each rest API call.
We have tried to archive authentication of secure API using passed Authorization header to every API with a default value. That default value considers as any user’s credential which allowed to access those API. Here is an example of how to implements swagger in spring application with step by step.
2. Example
Here is sample source code to add the static header in swagger in spring application:
@Bean
public Docket api() {
//Adding Header
ParameterBuilder aParameterBuilder = new ParameterBuilder();
aParameterBuilder.name("Authorization") // name of header
.modelRef(new ModelRef("string"))
.parameterType("header") // type - header
.defaultValue("Basic em9uZTpteXBhc3N3b3Jk") // based64 of - zone:mypassword
.required(true) // for compulsory
.build();
java.util.List<Parameter> aParameters = new ArrayList<>();
aParameters.add(aParameterBuilder.build()); // add parameter
return new Docket(DocumentationType.SWAGGER_2).select()
.apis(RequestHandlerSelectors
.any())
.paths(PathSelectors.any())
.build().
pathMapping("")
.globalOperationParameters(aParameters);
}Output:
add static header of basic authentication
SecurityConfiguration
Bypass all URL of swagger from spring security:
package com.javadeveloperzone;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* Created by Lenovo on 14-05-2018.
*/
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired // here is configuration related to spring boot basic authentication
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("zone").password("mypassword").roles("USER")
.and()
.withUser("zone2").password("mypassword").roles("USER");// those are user name and password
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic() // it indicate basic authentication is requires
.and()
.authorizeRequests()
.antMatchers(
HttpMethod.GET,
"/v2/api-docs",
"/swagger-resources/**",
"/swagger-ui.html**",
"/webjars/**",
"favicon.ico"
).permitAll()
.anyRequest().authenticated(); // it's indicate all request will be secure
http.csrf().disable();
}
}
3. References
Was this post helpful?
Let us know if you liked the post. That’s the only way we can improve.
