There are many tutorials on Swagger2, as well as articles about adding global header parameters (such as a token) to Swagger, for example:

Swagger2 Adds the HTTP head parameter

Swagger2 Add the HTTP head parameter to resolve the retention of token information

However, the above scheme has two disadvantages:

  1. You need to enter parameters separately for each interface
  2. Parameters are configured globally. If some interfaces (such as login) do not need the parameter, this must be declared on each of those interfaces through annotations, which is quite troublesome

In summary, the optimization scheme is as follows:

1. Configure the global parameter through the securitySchemes of Swagger2. As shown in the following code, add an ApiKey named "Authorization" with type "header" to securitySchemes.

    private List<ApiKey> securitySchemes() {
        return newArrayList(
                new ApiKey("Authorization", "Authorization", "header"));
    }

2. In the SecurityContext of Swagger2, use a regular expression to select the interfaces that require the parameter (or to exclude the interfaces that do not). As shown in the code below, with PathSelectors.regex("^(?!auth).*$"), all interfaces containing "auth" do not need to use securitySchemes. That is, they do not need the Authorization parameter whose type is header.

    private List<SecurityContext> securityContexts() {
        return newArrayList(
                SecurityContext.builder()
                        .securityReferences(defaultAuth())
                        .forPaths(PathSelectors.regex("^(?!auth).*$"))
                        .build()
        );
    }

After this configuration, open Swagger UI; an "Authorization" button appears in the upper right corner. Click it to enter the configured parameter.

Interfaces that do not require the parameter (the interfaces containing "auth" described above) can be accessed without entering the Authorization parameter.

The other interfaces return a 401 error. Click Authorization in the upper right corner and enter the configured parameter. You do not need to enter it for each interface.



At this point, Swagger2 is configured with a header parameter that is not applied globally and does not need to be entered repeatedly.

Complete Swagger2 configuration (Spring Boot):

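    // Assumed: newArrayList is Guava's Lists.newArrayList, statically imported.
    import static com.google.common.collect.Lists.newArrayList;

    import java.util.List;

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    import springfox.documentation.builders.PathSelectors;
    import springfox.documentation.builders.RequestHandlerSelectors;
    import springfox.documentation.service.ApiKey;
    import springfox.documentation.service.AuthorizationScope;
    import springfox.documentation.service.SecurityReference;
    import springfox.documentation.spi.DocumentationType;
    import springfox.documentation.spi.service.contexts.SecurityContext;
    import springfox.documentation.spring.web.plugins.Docket;
    import springfox.documentation.swagger2.annotations.EnableSwagger2;

    @Configuration
    @EnableSwagger2
    public class Swagger {

        @Bean
        public Docket api() {
            return new Docket(DocumentationType.SWAGGER_2)
                    .useDefaultResponseMessages(false)
                    .select()
                    .apis(RequestHandlerSelectors.any())
                    // Paths included in the generated documentation
                    .paths(PathSelectors.regex("^(?!auth).*$"))
                    .build()
                    .securitySchemes(securitySchemes())
                    .securityContexts(securityContexts());
        }

        // Declares the "Authorization" API key, sent as an HTTP header
        private List<ApiKey> securitySchemes() {
            return newArrayList(
                    new ApiKey("Authorization", "Authorization", "header"));
        }

        // Attaches the Authorization reference only to paths matched by the regex
        private List<SecurityContext> securityContexts() {
            return newArrayList(
                    SecurityContext.builder()
                            .securityReferences(defaultAuth())
                            .forPaths(PathSelectors.regex("^(?!auth).*$"))
                            .build()
            );
        }

        List<SecurityReference> defaultAuth() {
            AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
            AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
            authorizationScopes[0] = authorizationScope;
            return newArrayList(
                    new SecurityReference("Authorization", authorizationScopes));
        }
    }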
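The pattern passed to forPaths decides which operations carry the Authorization reference, so it is worth checking against the paths the application actually exposes. The following check is an added example, not code from the original article; it assumes the selector is applied as a full-string Java regex match against paths that begin with "/", and the sample paths and the two alternative patterns are constructed for illustration.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class SecurityPathCheck {

    // Full-string match (String.matches semantics): true means the path is
    // selected by forPaths and the operation gets the Authorization reference.
    static boolean selected(String regex, String path) {
        return Pattern.compile(regex).matcher(path).matches();
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from the article.
        List<String> paths = Arrays.asList(
                "/auth/login", "/api/auth/refresh", "/users", "/authors", "auth/login");

        Map<String, String> patterns = new LinkedHashMap<>();
        // Pattern from the article: the lookahead is tested only at position 0.
        patterns.put("article pattern", "^(?!auth).*$");
        // Hypothetical alternative: exclude paths that start with /auth/.
        patterns.put("prefix /auth/ excluded", "^(?!/auth/).*$");
        // Hypothetical alternative: exclude any path containing "auth".
        patterns.put("any 'auth' excluded", "^(?!.*auth).*$");

        for (Map.Entry<String, String> p : patterns.entrySet()) {
            System.out.println(p.getKey() + "  " + p.getValue());
            for (String path : paths) {
                System.out.printf("  %-20s %s%n", path,
                        selected(p.getValue(), path) ? "Authorization required" : "no header");
            }
        }
        // The selector only controls which operations Swagger UI attaches the
        // header to; the 401 responses still come from the server's own checks.
    }
}
```

Under that assumption the article's pattern also selects /auth/login, because the lookahead is tested at the leading slash rather than at "auth". The substring variant in turn drops unrelated paths such as /authors, so the chosen pattern should be verified against the real path list.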