How to get OAuth2 authorization working in an API defined with OpenAPI 3.0 / Swagger
I am currently working on a project that needs an API, and I chose to generate it with OpenAPI 3.0. My target language is Spring Java.
My problem is that my server does not reject HTTP requests whose requester is not authorized by my oauth2 security scheme.
For example, if the user does not have a token from the authorization server, I expect a GET request to the jobs path to return a 401 NOT AUTHORIZED response code. Instead, I am simply allowed to access the resource.
I created an authorization server that runs on localhost:9000. Even if I do not run the authorization server, I would still expect my API to return a 401 NOT AUTHORIZED response code when the requester is not authorized (am I wrong about this?). The generated API class also seems to carry the correct annotations containing the authorization scopes and scheme (see the example below).
Can anyone see what I am doing wrong?
System versions:
Macos Catalina 10.15.7
Java 1.8
OpenAPI 3.03
openapi-generator-cli-4.3.1
Intellij 20.2.3
My API is defined in the following YAML file:
openapi: "3.0.3"
info:
  description: "API definition"
  version: "1.0.0"
  title: "Title"
servers:
  - url: http://localhost:8080
components:
  schemas:
    job:
      type: object
      properties:
        name:
          type: string
        id:
          type: integer
          format: int64
          default: 0
  securitySchemes:
    OAuth2:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: http://localhost:9000/oauth2/authorize
          tokenUrl: http://localhost:9000/oauth2/token
          scopes:
            read: Grants read access
            write: Grants write access
            admin: Grants access to admin operations
security:
  - OAuth2:
      - read
      - write
paths:
  /jobs:
    get:
      description: Returns a job file
      operationId: jobsGet
      parameters:
        - in: query
          name: name
          description: Job object that needs to be added to the store
          required: true
          schema:
            $ref: '#/components/schemas/job'
      responses:
        '200':
          description: OK - Job received
          content:
            application/json:
              schema:
                type: string
                format: binary
    post:
      operationId: jobsPost
      requestBody:
        content:
          multipart/form-data:
            schema:
              type: object
              properties:
                name:
                  type: string
                file:
                  type: string
                  format: binary
      responses:
        '200':
          description: OK - Job Posted
          content:
            application/json:
              schema:
                type: integer
The jobs API has been generated. Does it look correct?
import java.util.Optional;

import javax.validation.Valid;
import javax.validation.constraints.NotNull;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.AuthorizationScope;
import org.springframework.core.io.Resource;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestPart;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.multipart.MultipartFile;

@Validated
@Api(value = "jobs", description = "the jobs API")
public interface JobsApi {

    default Optional<NativeWebRequest> getRequest() {
        return Optional.empty();
    }

    @ApiOperation(
        value = "", nickname = "jobsGet", notes = "Returns a job file", response = Resource.class,
        authorizations = {
            @Authorization(value = "OAuth2", scopes = {
                @AuthorizationScope(scope = "read", description = "Grants read access"),
                @AuthorizationScope(scope = "write", description = "Grants write access")
            })
        },
        tags = {}
    )
    @ApiResponses({@ApiResponse(code = 200, message = "OK - Job received", response = Resource.class)})
    @RequestMapping(value = {"/jobs"}, produces = {"application/json"}, method = {RequestMethod.GET})
    default ResponseEntity<Resource> jobsGet(
            @NotNull @ApiParam(value = "Job object that needs to be added to the store", required = true) @Valid Job name) {
        return new ResponseEntity<>(HttpStatus.NOT_IMPLEMENTED);
    }

    @ApiOperation(
        value = "", nickname = "jobsPost", notes = "", response = Integer.class,
        authorizations = {
            @Authorization(value = "OAuth2", scopes = {
                @AuthorizationScope(scope = "read", description = "Grants read access"),
                @AuthorizationScope(scope = "write", description = "Grants write access")
            })
        },
        tags = {}
    )
    @ApiResponses({@ApiResponse(code = 200, message = "OK - Job Posted", response = Integer.class)})
    @RequestMapping(value = {"/jobs"}, consumes = {"multipart/form-data"}, method = {RequestMethod.POST})
    default ResponseEntity<Integer> jobsPost(
            @ApiParam("") @RequestPart(value = "name", required = false) String name,
            @ApiParam("") @Valid @RequestPart("file") MultipartFile file) {
        return new ResponseEntity<>(HttpStatus.NOT_IMPLEMENTED);
    }
}
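The `@Authorization` / `@AuthorizationScope` annotations that openapi-generator emits come from swagger-annotations and only document the security scheme; nothing in the generated interface enforces it, so request rejection has to come from a Spring Security resource-server configuration such as the one below. This is an added example, not code from the question or from openapi-generator, and it assumes Spring Boot 2.x with spring-boot-starter-oauth2-resource-server on the classpath and that the authorization server on localhost:9000 issues JWT access tokens and publishes its signing keys at /oauth2/jwks (both assumed).

```java
// Added example, not part of the question or of openapi-generator's output.
// Assumes Spring Boot 2.x with spring-boot-starter-security and
// spring-boot-starter-oauth2-resource-server on the classpath (Spring Security 5.x, Java 8).

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

@Configuration
@EnableWebSecurity
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    // Assumed: the authorization server on localhost:9000 issues JWT access tokens with
    // this issuer and publishes its signing keys at /oauth2/jwks. Adjust to match yours.
    private static final String ISSUER = "http://localhost:9000";
    private static final String JWK_SET_URI = ISSUER + "/oauth2/jwks";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Bearer-token API: no session, so no CSRF token to check.
            .csrf(csrf -> csrf.disable())
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeRequests(authz -> authz
                // The YAML's read/write scopes; Spring exposes JWT scopes as SCOPE_* authorities.
                .antMatchers(HttpMethod.GET, "/jobs").hasAuthority("SCOPE_read")
                .antMatchers(HttpMethod.POST, "/jobs").hasAuthority("SCOPE_write")
                // Paths the spec does not list are denied instead of silently allowed.
                .anyRequest().denyAll())
            // Missing/invalid "Authorization: Bearer <jwt>" -> 401 + WWW-Authenticate: Bearer; wrong scope -> 403.
            .oauth2ResourceServer(oauth2 -> oauth2.jwt());
    }

    @Bean
    public JwtDecoder jwtDecoder() {
        // Keys are fetched on the first token validation, not at startup, so the API
        // still boots and still answers 401 to tokenless requests while :9000 is down.
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).build();
        // Reject tokens minted by any other issuer, plus expired or not-yet-valid ones.
        decoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(ISSUER));
        return decoder;
    }
}
```

To check the behaviour, `curl -i http://localhost:8080/jobs` should now return 401 with a `WWW-Authenticate: Bearer` header, and the same request with `-H "Authorization: Bearer <token>"` should reach `jobsGet` only when the token carries the `read` scope.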