Each method of my REST api accepts an Authorization header. Now I need to fill out the header for each API method in Swagger UI.
How can I write Swagger annotation so I can fill the Authorization header once and then all my API methods can use it?
Thanks.
Related
I am looking for the solution to intercept
AbstractWebClientReactiveOAuth2AccessTokenResponseClient while using spring reactive Oauth2 with authorization grant type client_credentials? I am using hmac-auth-webclient provided here but this example only intercept the ClientRequest sent by webclient created in the configuration. While
ServerOAuth2AuthorizedClientExchangeFilterFunction using its own webclient instance to send the token request which doesnt get intercepted with the filters specified in the configuration. How can I force every webclient initiated in the application should use certain headers in the request such as Digest & signature headers?
I am expecting way to intercept webclient instance used AbstractWebClientReactiveOAuth2AccessTokenResponseClient to send some more custom headers with /token request.
Basic Spring Security is great as it comes with WebSecurity (preventing malformed URLs) along with setting up authentication and authorization.
As part of authenticating my web request, the digest of the request body needs to be verified against the digest value passed in the http header. Setting up the Spring Security filter, forces my auth filter to process a firewalled request. The firewalled request doesn't seem to expose the request body to the filter.
What is the correct way to set up the Spring Security filter so that I can inspect the request body?
Thanks!
In Spring Security there are many filter classes built in for to be extended and used for specific purposes. As in my experience most of (or all of them) have methods with overloads which have access to,
HttpServletRequest request, HttpServletResponse response
as method arguments, so that those can be used inside the method.
When the filter class is met with any request, these variables are then populated with related data thus the code inside the methods output as expected.
I have a microservice-A which gets the token as a header from another microservice-B. Now I want to implement swagger2 in microservice-A. The problem is every request flows through microservice-B. So swagger-ui throws error in local as
it is not able to get those header parameter which microservice-B is
trying to fetch.
It is not able to get those header parameter which microservice-B is trying to fetch.
Swagger on its own can't call the authenticator service and add the obtained token to another request's header.
You can modify the Docket object to accept additional parameter in header as below:
docket.globalOperationParameters(
Collections.singletonList(new ParameterBuilder()
.name("Authorization")
.description("Bearer [token]")
.modelRef(new ModelRef("string"))
.parameterType("string")
.required(true)
.build()
)
);
This will allow Swagger UI to show additional field to accept token (see image below). You need to obtain the token by yourself and can put in this field.
Hope this helps.
How can I change the render of Spring Oauth2 errors? For example when you try to access rest resource which is protected without providing Bearer header, this error is rendered by Spring Framework :
<oauth>
<error_description>Full authentication is required to access this resource</error_description>
<error>unauthorized</error>
</oauth>
I want it to render like my other API responses and error messages which I am handling with #ControllerAdvice and #ExceptionHandler annotations.
I have tried to provide WebResponseExceptionTranslator but it only triggers when I provide bad credentials.
I see that the DefaultOAuth2ExceptionRenderer is responsible for rendering this errors, but could not manage to change it.
I want to validate header parameters that I am going to send while calling REST of spring MVC. The validating class should return JSon object depending on result of validation. how can I do that?