SpringDoc OpenApi学习笔记
SpringDoc OpenApi学习笔记
springboot 2.7.6+springdoc openapi1.7.0
1、依赖
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>${springdoc.version}</version>
</dependency>
2、application.yaml
默认地址是http://localhost:8080/swagger-ui/swagger-ui/index.html、http://localhost:8080/v3/api-docs,可以在application.yaml中自定义
springdoc:
api-docs:
enabled: true
path: /v3/api-docs
swagger-ui:
path: /swagger-ui/index.html
persist-authorization: true
3、SpringDocConfig
package cn.darkiris.doc;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.info.Info;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class SpringDocConfig {
// swagger: http://localhost:10001/swagger-ui/swagger-ui/index.html
// openapi: http://localhost:10001/v3/api-docs
@Bean
public OpenAPI customSpringDoc() {
return new OpenAPI()
.info(new Info()
.title("User API")
.version("1.0.0")
.description("This is the api for user management.")
);
}
}
4、与spring security整合
如果使用spring security记得放行接口文档
package cn.darkiris.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import java.security.Provider;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class SecurityConfig {
@Autowired
private CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
@Autowired
private CustomAccessDeniedHandler customAccessDeniedHandler;
@Autowired
private JwtAuthenticationFilter jwtAuthenticationFilter;
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
// 1、AuthenticationManager 委托给适当的 AuthenticationProvider(CustomAuthenticationProvider)
// 2、AuthenticationProvider 调用 UserDetailsService(CustomUserDetailService) 的 loadUserByUsername 获取用户信息
// 3、AuthenticationProvider 使用 PasswordEncoder(CustomPasswordEncoder) 对比 上一步获取到的用户密码
// 4、如果验证成功,AuthenticationProvider(CustomAuthenticationProvider) 返回一个已认证的 Authentication 对象;如果失败,抛出异常
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(customAuthenticationEntryPoint)
.accessDeniedHandler(customAccessDeniedHandler)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/user/login", "/api/user/register").permitAll()
.antMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-resources/**", "/webjars/**").permitAll()
.anyRequest().authenticated()
.and()
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
}