I want to ignore the swagger URL's based on active profiles in spring boot application. I found #ApiIgnore and #Hidden, but they hide API irrespective of profile. Here, I want to hide some API's only for PROD but not other profile(i.e., DEV, UAT, etc.,). Is there a way I can achieve this. Please suggest
They are multiple way of doing this, one simple approach (but not elegant at all) is to actually create multiple Docket's for different profiles.
Example:
#Configuration
public class SpringFoxConfig {
#Bean
#Profile("dev")
public Docket getDocketForDev() {
final Set<String> produces = new HashSet<String>();
produces.add(MediaType.APPLICATION_JSON_VALUE);
produces.add(MediaType.APPLICATION_XML_VALUE);
return new Docket(DocumentationType.OAS_30)
.apiInfo(new ApiInfoBuilder()
.title("Note API")
.description("A CRUD API to demonstrate Springfox 3 integration")
.version("0.0.1")
.license("MIT")
.licenseUrl("https://opensource.org/licenses/MIT")
.build())
.produces(produces).consumes(produces)
.select()
.apis(RequestHandlerSelectors.withClassAnnotation(RestController.class))
.build();
}
#Bean
#Profile("prod")
public Docket getDocketForProd() {
final Set<String> produces = new HashSet<String>();
produces.add(MediaType.APPLICATION_JSON_VALUE);
produces.add(MediaType.APPLICATION_XML_VALUE);
return new Docket(DocumentationType.OAS_30)
.apiInfo(new ApiInfoBuilder()
.title("Note API")
.description("A CRUD API to demonstrate Springfox 3 integration")
.version("0.0.1")
.license("MIT")
.licenseUrl("https://opensource.org/licenses/MIT")
.build())
.produces(produces).consumes(produces)
.select()
.apis(RequestHandlerSelectors.withClassAnnotation(RestController.class))
.build();
}
}
Now after you have multiple docket's per environment you can play with this line of code:
.apis(RequestHandlerSelectors.withClassAnnotation(RestController.class))
and display endpoints based on your conditions per environment.
On my Spring Boot application, I am trying to replace Swagger 2 with OpenApi 3.
In the current implementation of SwaggerConfiguration class,
#Configuration
#EnableSwagger2
public class SwaggerConfig {
...
#Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.any())
.paths(PathSelectors.any())
.build()
.securitySchemes(Collections.singletonList(securityScheme()))
.host(host)
.securityContexts(Collections.singletonList(securityContext()));
}
#Bean
public SecurityConfiguration security() {
return SecurityConfigurationBuilder.builder()
.clientId(swaggerCredentialsProvider.getClientId())
.clientSecret(swaggerCredentialsProvider.getClientSecret())
.scopeSeparator(" ")
.useBasicAuthenticationWithAccessCodeGrant(true)
.build();
}
private SecurityScheme securityScheme() {
GrantType grantType = new AuthorizationCodeGrantBuilder()
.tokenEndpoint(new TokenEndpoint(tokenEndpoint, "code"))
.tokenRequestEndpoint(new TokenRequestEndpoint(tokenRequestEndpoint,
swaggerCredentialsProvider.getClientId(),
swaggerCredentialsProvider.getClientSecret()))
.build();
return new OAuthBuilder().name("spring_oauth")
.grantTypes(Collections.singletonList(grantType))
.scopes(Arrays.asList(scopes())).build();
}
...
}
In this sample code, I give the clientId and the clientSecret and it will display automatically on the swagger-ui Authorization page:
In my new implementation of OpenApi Configuration
#Bean
public OpenAPI customOpenAPI() {
OAuthFlow oAuthFlow = new OAuthFlow()
.tokenUrl(tokenEndpoint)
.authorizationUrl(tokenRequestEndpoint)
.scopes(new Scopes().addString(scope, ""));
return new OpenAPI()
.components(new Components()
.addSecuritySchemes("security_auth", new SecurityScheme()
.flows(new OAuthFlows().authorizationCode(oAuthFlow))
.type(SecurityScheme.Type.OAUTH2).scheme("oauth2")))
.info(new Info()
.title(appName)
.version(appVersion)
.description(appDescription));
}
I do not find a way to set theses information. I tried to set springdoc.swagger-ui.oauth.clientId in the application.property file, but the clientId did not display.
How to set the clientId and the clientSecret with OpenApi 3 for displaying automatically on the Authorization Page?
You can set the client-id and client-secret via application properties. I think you might have the path to the client-id and client-secret wrong. The properties are 'client-id' and 'client-secret' not 'clientId' and 'clientSecret'
springdoc:
swagger-ui:
oauth:
client-id: your-client-id-value
client-secret: your-client-secret-value
I got confused with spring fox swagger ui base url, they are not pointing to correct url.
I just deployed a war in a context, so the app is in 127.0.0.1:8080/bff, i managed to add swagger and success, now its running in 127.0.0.1:8080/bff/swagger-ui.html, but when i try to test the api its pointing to 127.0.0.1:8080/bff/v2/api-docs/api/v1/home/profile. Why there is v2/api-docs !?
I know the API list on the swagger-ui is populated from that one, but why it's injected to URL when we test the API? because all of my API lay on the 127.0.0.1:8080/bff/api/v1
This is the screenshot
This is the code.
#Configuration
#EnableSwagger2
public class SwaggerConfig {
#Autowired
private GitVersionPropertiesConfig gitVersionPropertiesConfig;
#Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.globalOperationParameters(
Lists.newArrayList(new ParameterBuilder()
.name("Authorization")
.description("OAUTH2 Token")
.modelRef(new ModelRef("string"))
.parameterType("header")
.required(false)
.build()))
.apiInfo(apiInfo())
.pathMapping("/")
.pathProvider(new RelativePathProvider(null) {
#Override
public String getApplicationBasePath() {
return "/bff/";
}
})
.select()
.apis(RequestHandlerSelectors.any())
.paths(PathSelectors.regex("/api.*"))
.build();
}
ApiInfo apiInfo() {
String desc = "Bima Friends Forever API<br>"
+ "Current Branch : <b>"+gitVersionPropertiesConfig.getGitBranch()+"</b><br>"
+ "Timestamp : <b>"+gitVersionPropertiesConfig.getGitBuildTime()+"</b>";
return new ApiInfoBuilder()
.title("BFF - Hutchison")
.description(desc)
.version(gitVersionPropertiesConfig.getGitCommitIdAbbrev())
.build();
}
}
This is the temporary fix, but not permanent.
Open browser console and run window.swaggerUi.api.setBasePath('/bff');
Server : Wildfly
Swagger UI Version : 2.7.0
Thanks in advance.
I manage to fix it.. the culprit was jboss-web.xml context
Previously
<jboss-web>
<context-root>/bff/</context-root>
</jboss-web>
Fix :
<jboss-web>
<context-root>/bff</context-root>
</jboss-web>
oh my god...
I am using swagger 2.0 in a Spring boot(version 1.5.9.RELEASE) project.
Swagger works fine but now documentation have hundreds of api and I want to redirect documentation on different different urls.I am having swagger configuration like blow.
#Configuration
#EnableSwagger2
public class SwaggerConfig {
#Bean
public Docket postsApi() {
return new Docket(DocumentationType.SWAGGER_2).groupName("public-api")
.apiInfo(apiInfo()).select().paths(postPaths()).build();
}
private Predicate<String> postPaths() {
return or(regex("/api/posts.*"), or(regex("/api/.*"), regex("/secure/api/.*")));
}
private ApiInfo apiInfo() {
return new ApiInfoBuilder().title("Swagger API")
.description("Swagger Integration with Spring Boot")
.termsOfServiceUrl(null)
.license(null)
.licenseUrl(null).version("1.0").build();
}
}
Please suggest any way. Thanks in advance.
Finally I break these api's into groups basis on their url as following code segment, creates three group one for Settings, another for Products and last one contains all the other documentation except settings and products.
#Bean
public Docket swaggerSettingsApi() {
return new Docket(DocumentationType.SWAGGER_2)
.groupName("Settings")
.select()
.apis(RequestHandlerSelectors.basePackage("com.xyz"))
.paths(regex("/secure/api/v1/settings/.*"))
.build()
.apiInfo(new ApiInfoBuilder().version("1.0").title("Settings API").build())
.globalOperationParameters(operationParameters());
}
#Bean
public Docket swaggerProductApi() {
return new Docket(DocumentationType.SWAGGER_2)
.groupName("Product")
.select()
.apis(RequestHandlerSelectors.basePackage("com.xyz.modules.v1"))
.paths(productPaths())
.build()
.apiInfo(new ApiInfoBuilder().version("1.0").title("Product API").build())
.globalOperationParameters(operationParameters());
}
#Bean
public Docket swaggerModuleApi() {
return new Docket(DocumentationType.SWAGGER_2)
.groupName("Others")
.select()
.apis(RequestHandlerSelectors.basePackage("com.xyz.modules.v1"))
.paths(postPaths())
.build()
.apiInfo(new ApiInfoBuilder().version("1.0").title("Other Modules API").build())
.globalOperationParameters(operationParameters());
}
private Predicate<String> postPaths() {
return or(regex("^(?=\\/secure\\/api\\/v1\\/)(?!.*(settings|products)).+\\/.*"));
}
I have a Swagger config like this
#EnableSwagger2
#Configuration
public class SwaggerConfig {
#Bean
public Docket api() {
List<SecurityScheme> schemeList = new ArrayList<>();
schemeList.add(new ApiKey(HttpHeaders.AUTHORIZATION, "JWT", "header"));
return new Docket(DocumentationType.SWAGGER_2)
.produces(Collections.singleton("application/json"))
.consumes(Collections.singleton("application/json"))
.ignoredParameterTypes(Authentication.class)
.securitySchemes(schemeList)
.useDefaultResponseMessages(false)
.select()
.apis(Predicates.not(RequestHandlerSelectors.basePackage("org.springframework.boot")))
.paths(PathSelectors.any())
.build();
}
}
In the Swagger UI when I click on the Authorize button I enter my JWT token in the value field eyJhbGc..nN84qrBg. Now I expect that any request I do through the Swagger UI will contain the JWT in the header. However, that is not the case.
No request contains a Authorization header.
What am I missing?
Original answer
Support for Authorization: Bearer [JWT_TOKEN] header is working as of version 2.9.2
Added the following dependencies to build.gradle
compile("io.springfox:springfox-swagger2:2.9.2") {
exclude module: 'mapstruct' // necessary in my case to not end up with multiple mapstruct versions
}
compile "io.springfox:springfox-bean-validators:2.9.2"
compile "io.springfox:springfox-swagger-ui:2.9.2"
Configured Swagger via
#Configuration
#EnableSwagger2
#Import(springfox.bean.validators.configuration.BeanValidatorPluginsConfiguration.class)
public class SwaggerConfiguration {
public static final String AUTHORIZATION_HEADER = "Authorization";
public static final String DEFAULT_INCLUDE_PATTERN = "/api/.*";
private final Logger log = LoggerFactory.getLogger(SwaggerConfiguration.class);
#Bean
public Docket swaggerSpringfoxDocket() {
log.debug("Starting Swagger");
Contact contact = new Contact(
"Matyas Albert-Nagy",
"https://justrocket.de",
"matyas#justrocket.de");
List<VendorExtension> vext = new ArrayList<>();
ApiInfo apiInfo = new ApiInfo(
"Backend API",
"This is the best stuff since sliced bread - API",
"6.6.6",
"https://justrocket.de",
contact,
"MIT",
"https://justrocket.de",
vext);
Docket docket = new Docket(DocumentationType.SWAGGER_2)
.apiInfo(apiInfo)
.pathMapping("/")
.apiInfo(ApiInfo.DEFAULT)
.forCodeGeneration(true)
.genericModelSubstitutes(ResponseEntity.class)
.ignoredParameterTypes(Pageable.class)
.ignoredParameterTypes(java.sql.Date.class)
.directModelSubstitute(java.time.LocalDate.class, java.sql.Date.class)
.directModelSubstitute(java.time.ZonedDateTime.class, Date.class)
.directModelSubstitute(java.time.LocalDateTime.class, Date.class)
.securityContexts(Lists.newArrayList(securityContext()))
.securitySchemes(Lists.newArrayList(apiKey()))
.useDefaultResponseMessages(false);
docket = docket.select()
.paths(regex(DEFAULT_INCLUDE_PATTERN))
.build();
watch.stop();
log.debug("Started Swagger in {} ms", watch.getTotalTimeMillis());
return docket;
}
private ApiKey apiKey() {
return new ApiKey("JWT", AUTHORIZATION_HEADER, "header");
}
private SecurityContext securityContext() {
return SecurityContext.builder()
.securityReferences(defaultAuth())
.forPaths(PathSelectors.regex(DEFAULT_INCLUDE_PATTERN))
.build();
}
List<SecurityReference> defaultAuth() {
AuthorizationScope authorizationScope
= new AuthorizationScope("global", "accessEverything");
AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
authorizationScopes[0] = authorizationScope;
return Lists.newArrayList(
new SecurityReference("JWT", authorizationScopes));
}
}
Access the ui via http://host:port/<context-root>/swagger-ui.html
Press Authorize all requests and enter Bearer [JWT_TOKEN]
Voila your next requests will have the JWT header
Update 2022-09-24
After a series of newer projects, I started using springdoc-openapi that generates docs based on javadoc, eliminating the need of extra annotations.
Writing this for anyone who is willing to give this library a try. I would recommend it/am a happy user of this lib.
Dependencies
build.gradle
[...]
// swagger ui
implementation 'org.springdoc:springdoc-openapi-ui:1.6.9'
implementation 'org.springdoc:springdoc-openapi-javadoc:1.6.9'
annotationProcessor 'com.github.therapi:therapi-runtime-javadoc-scribe:0.13.0'
implementation 'com.github.therapi:therapi-runtime-javadoc:0.13.0'
[...]
Declare Authentication
Using the project specific SecurityConfiguration.java - define the pattern of the OpenAPI authorization. This case: Bearer in Authorization in the HTTP header.
import static io.swagger.v3.oas.annotations.enums.SecuritySchemeIn.HEADER;
import static io.swagger.v3.oas.annotations.enums.SecuritySchemeType.HTTP;
import io.swagger.v3.oas.annotations.security.SecurityScheme;
#Component
#SecurityScheme(name = SecurityConfiguration.SECURITY_CONFIG_NAME, in = HEADER, type = HTTP, scheme = "bearer", bearerFormat = "JWT")
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
[...]
public static final String SECURITY_CONFIG_NAME = "App Bearer token";
[...]
Usage in REST controllers
Usage in SomeController.java shall reference the security config
import static com.x.common.security.SecurityConfiguration.SECURITY_CONFIG_NAME;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
#RestController
#RequestMapping("/api/v1/resources")
#SecurityRequirement(name = SECURITY_CONFIG_NAME)
public class ConnectionSyncController {
/**
* Documentation that will be rendered
*
* supports
*
* 1. markdown
* 1. list
*/
#PostMapping("/{id}/sync")
#DomainAuthorize(permissionType = BasePermissions.PERM_ADMIN_OPERATIONS)
public void syncConnection(#PathVariable("id") Long id) {
Configure reachability
Configure location of openapi specs (swagger yml) - default /v3/api-docs
Configure where swagger-ui is located/loads config from
Configure which backends swagger-ui can talk with
In case we are behind a proxy, we need to make sure that the calls are proxied with correct headers for everything to work.
/src/main/resources/application.yml
server:
port: 80
# needed for swagger-ui to detect correct proxied paths correctly.
# Configuration needed for the [Try out] buttons to work
# this works in combination with the proxied headers
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Prefix /services/impower-facilioo;
forward-headers-strategy: FRAMEWORK
springdoc:
swagger-ui:
# where the UI configuration is located at
configUrl: /[some/public/path]/v3/api-docs/swagger-config
filter: true
deepLinking: true
# where the server API yml/json files are at (dropdown in top right corner)
urls[0]:
url: /[some/public/path]/v3/api-docs
name: backend
For swagger version 2.9.2
Create a SwaggerConfig class.
#Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.any())
.paths(PathSelectors.any())
.build()
.apiInfo(apiInfo())
.securitySchemes(Arrays.asList(apiKey()));
}
private ApiInfo apiInfo() {
return new ApiInfoBuilder()
.title("Sig-Predict REST API Document")
.description("work in progress")
.termsOfServiceUrl("localhost")
.version("1.0")
.build();
}
private ApiKey apiKey() {
return new ApiKey("jwtToken", "Authorization", "header");
}
Then annotate each API you would like to send this Authorization header to with:
#ApiOperation(value = "", authorizations = { #Authorization(value="jwtToken") })
Your code is correct.
There is a bug in springfox-swagger-ui/springfox-swagger2 version 2.8.0 and it seems 2.9.2 as well. I suspect you are using a version effected by this bug.
I simply downgraded to 2.7.0 and it worked perfectly.
For a quick solution, I configured my docket with a global parameter authorization header in my swaggerConfig class.
#Configuration
#EnableSwagger2
public class SwaggerConfig {
private static final Set<String> DEFAULT_PRODUCES_CONSUMES = new HashSet<String>(Arrays.asList("application/json"));
#Bean
public Docket api() {
ParameterBuilder parameterBuilder = new ParameterBuilder();
parameterBuilder.name("Authorization")
.modelRef(new ModelRef("string"))
.parameterType("header")
.description("JWT token")
.required(true)
.build();
List<Parameter> parameters = new ArrayList<>();
parameters.add(parameterBuilder.build());
return new Docket(DocumentationType.SWAGGER_2).apiInfo(DEFAULT_API_INFO)
.produces(DEFAULT_PRODUCES_CONSUMES)
.consumes(DEFAULT_PRODUCES_CONSUMES)
.select()
.build()
// Setting globalOperationParameters ensures that authentication header is applied to all APIs
.globalOperationParameters(parameters);
}
}
Wrote a small post authorization-field-in-swagger-ui about this.
Please try something like below
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.any()).paths(PathSelectors.regex("/api/v1/.*"))
.build().groupName("API")
.globalOperationParameters(newArrayList(
new ParameterBuilder().name(HttpHeaders.AUTHORIZATION).description("Authorization token").required(true)
.modelRef(new ModelRef("string")).parameterType("header").required(true).build()))
.apiInfo(apiInfo());
Where the accepted answer is correct, it has a small flaw. You have to manually add 'Bearer '-text in the authorization value to make the token work correctly (when the prefix is expected like in my case).
Did some research to improve this and got this working with using the OpenApi without the need for that tiny nasty addition.
Source I used to go on with this (Made some minor changes/additions)
In pom.xml I have the following:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.5</version>
<relativePath />
</parent>
<properties>
<java.version>16</java.version>
<swagger.version>2.9.2</swagger.version>
<open.api.version>1.6.9</open.api.version>
</properties>
<dependencies>
<!-- Swagger -->
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>${swagger.version}</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>${swagger.version}</version>
</dependency>
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>${open.api.version}</version>
</dependency>
</dependencies>
To the application.properties I added few lines (optional):
spring.mvc.pathmatch.matching-strategy=ant-path-matcher
springdoc.swagger-ui.path=swagger-ui.html
springdoc.paths-to-exclude=/swagger-resources/**
The swagger needed to have some security setting exceptions:
#Configuration
#EnableWebSecurity
#EnableGlobalMethodSecurity(prePostEnabled = true)
class SecurityConfiguration extends WebSecurityConfigurerAdapter {
/* Specify the urls not requiring authentication. */
#Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/v3/api-docs/**", "/swagger-ui.html", "/swagger-ui/**", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/webjars/**");
}
}
And finally the actual configuration for the swagger using OpenApi:
package com.fujitsu.emom.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.info.Contact;
import io.swagger.v3.oas.models.info.Info;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
/**
* Configuration for swagger using OpenApi.<br/>
* Notice the spring security must allow to access to the swagger ui at 'SecurityConfiguration.java'.<br/>
* There are also configuration at 'application.properties' for defining the URL to swagger page.
*/
#Configuration
public class SwaggerConfig {
public static final String SCHEME_NAME = "BearerScheme";
public static final String SCHEME = "Bearer";
#Bean
public OpenAPI customOpenAPI() {
var openApi = new OpenAPI().info(this.apiInfo());
this.addSecurity(openApi);
return openApi;
}
private Info apiInfo() {
var contact = new Contact();
contact.setEmail("mailbox#product.com");
contact.setName("product_admin");
contact.setUrl("http://product.com");
return new Info()
.title("Product API")
.description("Product description")
.termsOfService("http://product.com/terms_of_service")
.contact(contact)
// TODO: Version should be dynamically
.version("0.5.1");
}
private void addSecurity(OpenAPI openApi) {
var components = this.createComponents();
var securityItem = new SecurityRequirement().addList(SCHEME_NAME);
openApi.components(components).addSecurityItem(securityItem);
}
private Components createComponents() {
var components = new Components();
components.addSecuritySchemes(SCHEME_NAME, this.createSecurityScheme());
return components;
}
private SecurityScheme createSecurityScheme() {
return new SecurityScheme().name(SCHEME_NAME).type(SecurityScheme.Type.HTTP).scheme(SCHEME);
}
}