search

xiaoymin / knife4j

Knife4j is a set of Swagger2 and OpenAPI3 All-in-one enhancement solution
https://doc.xiaominfo.com
Apache License 2.0
4.15k stars 622 forks source link

全局请求头Authorization无效的问题 #545

Open yongoe1024 opened 1 year ago

yongoe1024 commented 1 year ago

首先不是knife4j的问题,就看看能不能有啥办法 springboot3,

        <dependency>
            <groupId>com.github.xiaoymin</groupId>
            <artifactId>knife4j-openapi3-jakarta-spring-boot-starter</artifactId>
            <version>4.0.0</version>
        </dependency>

springdoc官网中,添加权限信息,需要配置文件

@Configuration
public class SwaggerConfig {
    @Bean
    public OpenAPI customOpenAPI() {
        return new OpenAPI().info(new Info()
                .title("系统API")
                .version("1.0")
                .components(new Components()
                        .addSecuritySchemes("Authorization",
                        new SecurityScheme()
                                .type(SecurityScheme.Type.HTTP)
                                .scheme("token")
                                .bearerFormat("")));

    }
}

同时在接口添加security = { @SecurityRequirement(name = "Authorization") },只有添加的接口在能携带请求头,非常麻烦

@Tag(name = "部门" )
@RestController
@RequestMapping("/basic/department")
public class DepartmentController {

    @Operation(summary = "查询", security = { @SecurityRequirement(name = "Authorization") })
    @PostMapping("/page")
    public R page(Long current, Long size, @RequestBody Department department) {
    }
xiaoymin commented 1 year ago

这个确实难搞。让我想想

somethingaw commented 1 year ago

我使用最新版本时,在/auth/token 接口内返回属性 token_type 后,可以将token 值带入全局header。

magese commented 1 year ago

4.1.0版本依然有这个问题,使用自带的 swagger-ui.html 可以正常的携带认证请求头。

以下设置的代码:

    @Bean
    public OpenAPI openAPI(Info info) {
        log.info("【SpringBean注册】 => io.swagger.v3.oas.models.OpenAPI");
        return new OpenAPI()
                .info(info)
                .schemaRequirement(tokenName, this.securityScheme())
                .addSecurityItem(new SecurityRequirement().addList(tokenName));
    }

    private SecurityScheme securityScheme() {
        SecurityScheme scheme = new SecurityScheme();
        scheme.setType(SecurityScheme.Type.APIKEY);
        scheme.setName(tokenName);
        scheme.setIn(SecurityScheme.In.HEADER);
        return scheme;
    }
kse-music commented 1 year ago

把security设置到每个path里就可以了

    @Bean
    public GlobalOpenApiCustomizer globalOpenApiCustomizer() {
        return openApi -> openApi.getPaths().values().stream().flatMap(pathItem -> pathItem.readOperations().stream()).forEach(operation -> operation.security(openApi.getSecurity()));
    }
careware134 commented 6 months ago

把security设置到每个path里就可以了

    @Bean
    public GlobalOpenApiCustomizer globalOpenApiCustomizer() {
        return openApi -> openApi.getPaths().values().stream().flatMap(pathItem -> pathItem.readOperations().stream()).forEach(operation -> operation.security(openApi.getSecurity()));
    }

it works for me~ (seems need openapi.schemaRequirement and operation.security both) @xiaoymin