Swagger整合Jwt授权配置

欢迎关注博主公众号「Java大师」, 专注于分享Java领域干货文章http://www.javaman.cn/sb2/swagger-jwt

一、Swagger入门

1、什么是Swagger

Swagger 是一个规范和完整的框架，用于生成、描述、调用和可视化 RESTful 风格的 Web 服务，它有着如下的优点：

1）及时性 (接口变更后，能够及时准确地通知相关前后端开发人员)

2）规范性 (并且保证接口的规范性，如接口的地址，请求方式，参数及响应格式和错误信息)

3）一致性 (接口信息一致，不会出现因开发人员拿到的文档版本不一致，而出现分歧)

4）可测性 (直接在接口文档上进行测试，以方便理解业务)

2、Swagger生成文档

1）添加pom.xml依赖

<pre class="md-fences md-end-block md-fences-with-lineno" lang="xml" contenteditable="false" cid="n252" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: monospace, monospace; font-size: 0.9em; white-space: pre; display: block; break-inside: avoid; text-align: left; background-image: ; background-position: var(--code-block-bg-color); background-size: ; background-repeat: var(--code-block-bg-color); background-attachment: ; background-origin: ; background-clip: ; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">

<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.7.0</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.7.0</version>
</dependency></pre>

2）创建swagger配置文件

<pre class="md-fences md-end-block md-fences-with-lineno" lang="java" contenteditable="false" cid="n255" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: monospace, monospace; font-size: 0.9em; white-space: pre; display: block; break-inside: avoid; text-align: left; background-image: ; background-position: var(--code-block-bg-color); background-size: ; background-repeat: var(--code-block-bg-color); background-attachment: ; background-origin: ; background-clip: ; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">
@Configuration
@EnableSwagger2
public class Swagger2Config {

  @Bean
  public Docket apiConfig() {
      //创建基于Swagger2的配置文件
      return new Docket(DocumentationType.SWAGGER_2)
              // 调用apiInfo方法,创建一个ApiInfo实例,里面是展示在文档页面信息内容
              .apiInfo(apiInfo());
  }
  private ApiInfo apiInfo() {
      return new ApiInfoBuilder()
              //标题
              .title("接口文档")
              //描述
              .description("接口文档")
              //版本
              .version("1.0")
              //作者信息
              .contact(new Contact("java大师", "http://localhost:8081", "xxx@qq.com"))
              .build();
  }

}</pre>

3）启动程序

访问路径：http://localhost:8081/swagger-ui.html ，出现生成的文档页面。

image

此为原生界面，很难看，所以我们需要引入swagger-bootstrap-ui，也就是Knife4j的前身

4）使用Knife4j

a）添加pom.xml依赖

<pre class="md-fences md-end-block md-fences-with-lineno" lang="xml" contenteditable="false" cid="n268" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: monospace, monospace; font-size: 0.9em; white-space: pre; display: block; break-inside: avoid; text-align: left; background-image: ; background-position: var(--code-block-bg-color); background-size: ; background-repeat: var(--code-block-bg-color); background-attachment: ; background-origin: ; background-clip: ; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">
<dependency>
<groupId>com.github.xiaoymin</groupId>
<artifactId>knife4j-spring-boot-starter</artifactId>
<version>2.0.7</version>
</dependency></pre>

b）开启Swagger2配置

<pre class="md-fences md-end-block md-fences-with-lineno" lang="java" contenteditable="false" cid="n271" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: monospace, monospace; font-size: 0.9em; white-space: pre; display: block; break-inside: avoid; text-align: left; background-image: ; background-position: var(--code-block-bg-color); background-size: ; background-repeat: var(--code-block-bg-color); background-attachment: ; background-origin: ; background-clip: ; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">
import java.util.ArrayList;
import java.util.List;

@Configuration
@EnableSwagger2
public class Swagger2Config {
@Bean
public Docket createRestApi() {
return new Docket(DocumentationType.SWAGGER_2)
.pathMapping("/")
.apiInfo(apiInfo())
.select()
//swagger要扫描的包路径
.apis(RequestHandlerSelectors.basePackage("com.dsblog.server.controller"))
.paths(PathSelectors.any())
.build()
}

  private ApiInfo apiInfo() {
      return new ApiInfoBuilder().title("dsblog接口文档")
              .contact(new Contact("java大师","http://localhost:8081/doc.html","fry000@qq.com"))
              .version("1.0").description("dsblog接口文档").build();
  }</pre>

b）重启服务

访问地址：http://localhost:8081/doc.html，这个ui界面看起来就更美观，更符合国人的使用习惯

image

二、Swagger整合Jwt

1、添加pom.xml依赖

<parent>
  <groupId>com.dsblog</groupId>
  <artifactId>dsblog</artifactId>
  <version>0.0.1-SNAPSHOT</version>
</parent>

<groupId>com.dsblog</groupId>
<artifactId>dsblog-server</artifactId>
<version>0.0.1-SNAPSHOT</version>

<properties>
  <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  <maven.compiler.source>1.8</maven.compiler.source>
  <maven.compiler.target>1.8</maven.compiler.target>
</properties>

<dependencies>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
  </dependency>
  <dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <optional>true</optional>
  </dependency>
  <dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>com.baomidou</groupId>
    <artifactId>mybatis-plus-boot-starter</artifactId>
    <version>3.4.0</version>
  </dependency>
  <dependency>
    <groupId>org.freemarker</groupId>
    <artifactId>freemarker</artifactId>
    <version>2.3.31</version>
  </dependency>
  <dependency>
    <groupId>com.baomidou</groupId>
    <artifactId>mybatis-plus-generator</artifactId>
    <version>3.3.2</version>
  </dependency>
  <dependency>
    <groupId>io.swagger</groupId>
    <artifactId>swagger-annotations</artifactId>
    <version>1.5.20</version>
  </dependency>
  <!--swagger-->
  <dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-swagger2</artifactId>
    <version>2.7.0</version>
  </dependency>
  <dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-swagger-ui</artifactId>
    <version>2.7.0</version>
  </dependency>
  <dependency>
    <groupId>com.github.xiaoymin</groupId>
    <artifactId>knife4j-spring-boot-starter</artifactId>
    <version>2.0.7</version>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    <version>2.3.6.RELEASE</version>
  </dependency>
  <dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
  </dependency>
</dependencies>

</project></pre>

2、创建Swagger2Config配置文件

<pre class="md-fences md-end-block md-fences-with-lineno" lang="java" contenteditable="false" cid="n285" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: monospace, monospace; font-size: 0.9em; white-space: pre; display: block; break-inside: avoid; text-align: left; background-image: ; background-position: var(--code-block-bg-color); background-size: ; background-repeat: var(--code-block-bg-color); background-attachment: ; background-origin: ; background-clip: ; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">
package com.dsblog.server.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.*;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

import java.util.ArrayList;
import java.util.List;

  private ApiInfo apiInfo() {
      return new ApiInfoBuilder().title("dsblog接口文档")
              .contact(new Contact("java大师","http://localhost:8081/doc.html","fry000@qq.com"))
              .version("1.0").description("dsblog接口文档").build();
  }

  private List<SecurityContext> securityContexts() {
      //设置需要登录认证的路径
      List<SecurityContext> result = new ArrayList<>();
      result.add(getContextByPath("/.*"));
      return result;
  }

//通过pathRegex获取SecurityContext对象
  private SecurityContext getContextByPath(String pathRegex) {
      return SecurityContext.builder()
              .securityReferences(defaultAuth())
              .forPaths(PathSelectors.regex(pathRegex))
              .build();
  }

 //默认为全局的SecurityReference对象
  private List<SecurityReference> defaultAuth() {
      List<SecurityReference> result = new ArrayList<>();
      AuthorizationScope authorizationScope = new AuthorizationScope("global",
              "accessEverything");
      AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
      authorizationScopes[0] = authorizationScope;
      result.add(new SecurityReference("Authorization", authorizationScopes));
      return result;
  }

  private List<ApiKey> securitySchemes() {
      //设置请求头信息
      List<ApiKey> result = new ArrayList<>();
      ApiKey apiKey = new ApiKey("Authorization", "Authorization", "header");
      result.add(apiKey);
      return result;
  }

}</pre>

3、创建SecurityConfig配置文件

<pre class="md-fences md-end-block md-fences-with-lineno" lang="java" contenteditable="false" cid="n288" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: monospace, monospace; font-size: 0.9em; white-space: pre; display: block; break-inside: avoid; text-align: left; background-image: ; background-position: var(--code-block-bg-color); background-size: ; background-repeat: var(--code-block-bg-color); background-attachment: ; background-origin: ; background-clip: ; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">
package com.dsblog.server.config.security;

import com.dsblog.server.model.User;
import com.dsblog.server.service.IUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  private IUserService userService;
  @Autowired
  private RestAuthorizationEntryPoint restAuthorizationEntryPoint;
  @Autowired
  private RestAccessDeniedHandler restAccessDeniedHandler;

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
      auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
  }

 //主要的配置文件，antMatchers匹配的路径，全部忽略，不进行JwtToken的认证
  @Override
  public void configure(WebSecurity web) throws Exception {
      web.ignoring().antMatchers(
              "/login",
              "/logout",
              "/css/**",
              "/js/**",
              "/index.html",
              "favicon.ico",
              "/doc.html",
              "/webjars/**",
              "/swagger-resources/**",
              "/v2/api-docs/**"
      );
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
      http.csrf().disable()
              .sessionManagement()
              .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
              .and()
              .authorizeRequests()
              .anyRequest().authenticated()
              .and()
              .headers()
              .cacheControl();
      //添加Jwt登录授权拦截器
      http.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
      //添加未登录和未授权结果返回
      http.exceptionHandling()
              .accessDeniedHandler(restAccessDeniedHandler)
              .authenticationEntryPoint(restAuthorizationEntryPoint);
  }

  @Override
  @Bean
  public UserDetailsService userDetailsService(){
      return username -> {
          User user = userService.getUserByUsername(username);
          if(null!=user){
              return user;
          }
          return null;
      };
  }

  @Bean
  public PasswordEncoder passwordEncoder(){
      return new BCryptPasswordEncoder();
  }

  @Bean
  public  JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter(){
      return new JwtAuthenticationTokenFilter();
  }

}</pre>

4、创建测试Controller，其中/login登录和/logout退出方法不需要Authorize验证，和上面的重写方法<mark style="box-sizing: border-box; background: rgb(255, 255, 0); color: rgb(0, 0, 0);">configure(WebSecurity web）</mark>匹配，user/info方法需要Authorize验证才能进行访问

<pre class="md-fences md-end-block md-fences-with-lineno" lang="java" contenteditable="false" cid="n291" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: monospace, monospace; font-size: 0.9em; white-space: pre; display: block; break-inside: avoid; text-align: left; background-image: ; background-position: var(--code-block-bg-color); background-size: ; background-repeat: var(--code-block-bg-color); background-attachment: ; background-origin: ; background-clip: ; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">
package com.dsblog.server.controller;

import com.dsblog.server.model.ResultBean;
import com.dsblog.server.model.User;
import com.dsblog.server.model.UserLoginParam;
import com.dsblog.server.service.IUserService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import java.security.Principal;

@Api(tags = "LoginController")
@RestController
public class LoginController {

  @Autowired
  private IUserService userService;

  @ApiOperation("登录")
  @PostMapping("/login")
  public ResultBean login(@RequestBody UserLoginParam userLoginParam, HttpServletRequest request){
      return userService.login(userLoginParam.getUsername(),userLoginParam.getPassword(),request);
  }

  @ApiOperation("退出")
  @PostMapping("/logout")
  public ResultBean logout(){
      return ResultBean.success("退出成功！");
  }

  @ApiOperation("获取当前登录用户")
  @GetMapping("/user/info")
  public User getUserInfo(Principal principal){
      if(null == principal){
          return null;
      }
      String username = principal.getName();
      User user = userService.getUserByUsername(username);
      user.setPassword(null);
      return user;
  }

}</pre>

5、重启程序，输入http://localhost:8081/doc.html

image

6、测试

1）首先调用/user/info，会看到提示未登录，请先登录。需要登录授权才能够进行方法的测试

image

2）接着调用登录请求，输入用户名和密码获取JwtToken

image

3）获取token后，监测网络，发现会将Authorization放入请求头部发送到后台

image

4）Authorize加入Bearer和JwtToken

image

5）携带token发送到后台获取用户信息，验证通过

人面猴
序言：七十年代末，一起剥皮案震惊了整个滨河市，随后出现的几起案子，更是在滨河造成了极大的恐慌，老刑警刘岩，带你破解...
沈念sama阅读 221,198评论 6赞 514
死咒
序言：滨河连续发生了三起死亡事件，死亡现场离奇诡异，居然都是意外死亡，警方通过查阅死者的电脑和手机，发现死者居然都...
沈念sama阅读 94,334评论 3赞 398
救了他两次的神仙让他今天三更去死
文/潘晓璐我一进店门，熙熙楼的掌柜王于贵愁眉苦脸地迎上来，“玉大人，你说我怎么就摊上这事。” “怎么了？”我有些...
开封第一讲书人阅读 167,643评论 0赞 360
道士缉凶录：失踪的卖姜人
文/不坏的土叔我叫张陵，是天一观的道长。经常有香客问我，道长，这世上最难降的妖魔是什么？我笑而不...
开封第一讲书人阅读 59,495评论 1赞 296
港岛之恋（遗憾婚礼）
正文为了忘掉前任，我火速办了婚礼，结果婚礼上，老公的妹妹穿的比我还像新娘。我一直安慰自己，他们只是感情好，可当我...
茶点故事阅读 68,502评论 6赞 397
恶毒庶女顶嫁案：这布局不是一般人想出来的
文/花漫我一把揭开白布。她就那样静静地躺着，像睡着了一般。火红的嫁衣衬着肌肤如雪。梳的纹丝不乱的头发上，一...
开封第一讲书人阅读 52,156评论 1赞 308
城市分裂传说
那天，我揣着相机与录音，去河边找鬼。笑死，一个胖子当着我的面吹牛，可吹牛的内容都是我干的。我是一名探鬼主播，决...
沈念sama阅读 40,743评论 3赞 421
双鸳鸯连环套：你想象不到人心有多黑
文/苍兰香墨我猛地睁开眼，长吁一口气：“原来是场噩梦啊……” “哼！你这毒妇竟也来了？” 一声冷哼从身侧响起，我...
开封第一讲书人阅读 39,659评论 0赞 276
万荣杀人案实录
序言：老挝万荣一对情侣失踪，失踪者是张志新（化名）和其女友刘颖，没想到半个月后，有当地人在树林里发现了一具尸体，经...
沈念sama阅读 46,200评论 1赞 319
护林员之死
正文独居荒郊野岭守林人离奇死亡，尸身上长有42处带血的脓包…… 初始之章·张勋以下内容为张勋视角年9月15日...
茶点故事阅读 38,282评论 3赞 340
白月光启示录
正文我和宋清朗相恋三年，在试婚纱的时候发现自己被绿了。大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
茶点故事阅读 40,424评论 1赞 352
活死人
序言：一个原本活蹦乱跳的男人离奇死亡，死状恐怖，灵堂内的尸体忽然破棺而出，到底是诈尸还是另有隐情，我是刑警宁泽，带...
沈念sama阅读 36,107评论 5赞 349
日本核电站爆炸内幕
正文年R本政府宣布，位于F岛的核电站，受9级特大地震影响，放射性物质发生泄漏。R本人自食恶果不足惜，却给世界环境...
茶点故事阅读 41,789评论 3赞 333
男人毒药：我在死后第九天来索命
文/蒙蒙一、第九天我趴在偏房一处隐蔽的房顶上张望。院中可真热闹，春花似锦、人声如沸。这庄子的主人今日做“春日...
开封第一讲书人阅读 32,264评论 0赞 23
一桩弑父案，背后竟有这般阴谋
文/苍兰香墨我抬头看了看天上的太阳。三九已至，却和暖如春，着一层夹袄步出监牢的瞬间，已是汗流浃背。一阵脚步声响...
开封第一讲书人阅读 33,390评论 1赞 271
情欲美人皮
我被黑心中介骗来泰国打工，没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留，地道东北人。一个月前我还...
沈念sama阅读 48,798评论 3赞 376
代替公主和亲
正文我出身青楼，却偏偏与公主长得像，于是被迫代替她去往敌国和亲。传闻我的和亲对象是个残疾皇子，可洞房花烛夜当晚...
茶点故事阅读 45,435评论 2赞 359

Swagger整合Jwt授权配置