1. Overview

Swagger is a very popular REST API documentation tool. In this article, we will learn how to add a static header with a default value to every REST service called from Swagger. We will also learn how to call a secured API using Swagger in a Spring Boot application. The most common ways to secure an API are basic authentication and an OAuth2 implementation.

A static header is needed in these cases:

  • With basic authentication, we need to pass an Authorization header built from the username:password combination.
  • With OAuth2, we need to pass an Authorization header with bearer [token].
  • Sometimes a request header is required by each and every API; in that case we need to pass a static header with each REST API call.

We achieve authentication against the secured API by passing an Authorization header with a default value to every API. That default value holds the credentials of any user who is allowed to access those APIs. Here is a step-by-step example of how to implement Swagger in a Spring application.

2. Example

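Here is sample source code to add the static header to Swagger in a Spring application:

    // Imports required by this bean (springfox 2.x)
    import java.util.ArrayList;
    import java.util.List;
    import org.springframework.context.annotation.Bean;
    import springfox.documentation.builders.ParameterBuilder;
    import springfox.documentation.builders.PathSelectors;
    import springfox.documentation.builders.RequestHandlerSelectors;
    import springfox.documentation.schema.ModelRef;
    import springfox.documentation.service.Parameter;
    import springfox.documentation.spi.DocumentationType;
    import springfox.documentation.spring.web.plugins.Docket;

    // Place this method in a @Configuration class annotated with @EnableSwagger2
    @Bean
    public Docket api() {
        // Global "Authorization" header added to every operation
        ParameterBuilder aParameterBuilder = new ParameterBuilder();
        aParameterBuilder.name("Authorization")              // name of the header
                         .modelRef(new ModelRef("string"))
                         .parameterType("header")            // parameter type: header
                         .defaultValue("Basic em9uZTpteXBhc3N3b3Jk") // Base64 of zone:mypassword; published in the API docs
                         .required(true);                    // header is mandatory
        List<Parameter> aParameters = new ArrayList<>();
        aParameters.add(aParameterBuilder.build());          // add the parameter
        return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.any())
                .paths(PathSelectors.any())
                .build()
                .pathMapping("")
                .globalOperationParameters(aParameters);
    }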

Output:

[Image: add static header of basic authentication]

SecurityConfiguration

Exclude all Swagger URLs from Spring Security:

    package com.javadeveloperzone;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    /**
     * Created by Lenovo on 14-05-2018.
     */
    @Configuration
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        // Configuration for Spring Boot basic authentication
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                .withUser("zone").password("mypassword").roles("USER")
                .and()
                .withUser("zone2").password("mypassword").roles("USER"); // user names and passwords
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .httpBasic() // HTTP Basic authentication is required
                    .and()
                    .authorizeRequests()
                    .antMatchers(
                            HttpMethod.GET,
                            "/v2/api-docs",
                            "/swagger-resources/**",
                            "/swagger-ui.html**",
                            "/webjars/**",
                            "/favicon.ico" // ant patterns need the leading slash to match
                    ).permitAll()
                    .anyRequest().authenticated(); // every other request must be authenticated
            http.csrf().disable();
        }
    }
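
The security configuration above permits unauthenticated GET requests to /v2/api-docs, and a default value set through globalOperationParameters is written into that document, so the Base64 credentials are readable by anyone who can load it. The following added example (not code from the original article) replaces the Docket bean with one that declares an HTTP Basic security scheme, so Swagger UI asks for credentials instead of shipping them. It assumes springfox 2.x; the class name SwaggerBasicAuthConfig and the scheme name "basicAuth" are hypothetical.

```java
package com.javadeveloperzone;

import java.util.Collections;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.AuthorizationScope;
import springfox.documentation.service.BasicAuth;
import springfox.documentation.service.SecurityReference;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

// Hypothetical class name; assumes springfox 2.x on the classpath.
@Configuration
@EnableSwagger2
public class SwaggerBasicAuthConfig {

    // Hypothetical scheme name; it only links the scheme to the reference below.
    private static final String SCHEME = "basicAuth";

    @Bean
    public Docket api() {
        // Attach the scheme to every documented path so each operation
        // sends the Authorization header once the user has authorized.
        SecurityContext context = SecurityContext.builder()
                .securityReferences(Collections.singletonList(
                        new SecurityReference(SCHEME, new AuthorizationScope[0])))
                .forPaths(PathSelectors.any())
                .build();

        return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.any())
                .paths(PathSelectors.any())
                .build()
                // Declares HTTP Basic; Swagger UI shows an "Authorize" dialog
                // and no credential is written into /v2/api-docs.
                .securitySchemes(Collections.singletonList(new BasicAuth(SCHEME)))
                .securityContexts(Collections.singletonList(context));
    }
}
```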
