英文:
Quarkus Swagger-UI Authorization
问题
我目前正在使用Quarkus和由quarkus-smallrye-openapi提供的Swagger-UI进行工作。
我们使用Azure AD的OIDC作为安全性,但Swagger-UI目前不支持它(请参阅Swagger文档),所以我无法向Swagger添加“真正的”授权。
这意味着,我无法使用Swagger,因为我的端点至少受到@RolesAllowed
的保护。
我们有一个端点来获取模拟安全令牌,但我不知道如何告诉Swagger使用此令牌。
基本上,我想告诉swagger-ui:“这里,我有这个令牌,请将它添加为所有请求的Authorization: Bearer XXX
”,但我不知道如何在Quarkus中实现这一点。
英文:
Im currently working with Quarkus and Swagger-UI as delivered by quarkus-smallrye-openapi.
We have OIDC from Azure AD as security, which is currently not supported by Swagger-UI (see Swagger-Docs), so I can't add the "real" authorization to swagger.
This means, I can't use Swagger since my endpoints are at least secured with @RolesAllowed
.
We have an endpoint to fetch a mock-security token, but I don't know how to tell swagger to take this token.
Basically I want to tell swagger-ui "Here, I have this token, add it as Authorization: Bearer XXX
to all requests", but I don't know how to do that in Quarkus.
答案1
得分: 10
Sure, here's the translated content:
- 注册安全方案
@Path("/sample")
@SecuritySchemes(value = {
@SecurityScheme(securitySchemeName = "apiKey",
type = SecuritySchemeType.HTTP,
scheme = "Bearer")}
)
public class SampleResource {
- 使用已注册的方案名称标记操作的安全要求。
@GET
@SecurityRequirement(name = "apiKey")
String hello() {
英文:
- Register security scheme
@Path("/sample")
@SecuritySchemes(value = {
@SecurityScheme(securitySchemeName = "apiKey",
type = SecuritySchemeType.HTTP,
scheme = "Bearer")}
)
public class SampleResource {
- Mark the operation's security requirement with the scheme name registered.
@GET
@SecurityRequirement(name = "apiKey")
String hello() {
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论