
Linux環境下Swagger的認證與授權如何實現

小樊
2025-10-01 05:33:41

在Linux環境下,Swagger的認證與授權可以通過多種方式實現,以下是一些常見的方法:

1. 基本認證(Basic Authentication)

基本認證是最簡單的認證方式,客戶端需要在每次請求中提供用戶名和密碼。憑證僅經過Base64編碼而未加密,因此必須配合HTTPS使用。

實現步驟:

  1. 添加依賴:在pom.xml中添加Spring Security依賴。

    <!-- Spring Security starter. No <version> is declared here, so the version is
         presumably managed by the Spring Boot parent/BOM; confirm in the project's pom.xml. -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    
  2. 配置Spring Security:創建一個配置類來設置基本認證。

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    
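    /**
     * Spring Security configuration that puts the Swagger UI and the generated API
     * description behind HTTP Basic authentication.
     *
     * <p>Basic credentials are only Base64-encoded on the wire, so this configuration
     * is meant to be served over HTTPS.
     */
    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        /**
         * Requires an authenticated user for the Swagger UI and for the endpoints that
         * serve the API description itself.
         *
         * @param http the security builder supplied by Spring Security
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                // Guarding only /swagger-ui/** leaves the specification itself readable
                // without credentials. The extra patterns are the Springfox 2 defaults
                // for the UI page and the spec endpoints; adjust them if the
                // documentation paths were customised.
                // Requests that match none of these patterns get no rule from this class.
                .antMatchers(
                    "/swagger-ui/**",
                    "/swagger-ui.html",
                    "/v2/api-docs",
                    "/swagger-resources/**").authenticated()
                .and()
                .httpBasic();
        }

        /**
         * Exposes a BCrypt {@link PasswordEncoder} bean.
         *
         * @return a new {@link BCryptPasswordEncoder} with its default settings
         */
        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }
    }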
    
  3. 配置Swagger:確保Swagger配置允許基本認證。

    import springfox.documentation.builders.PathSelectors;
    import springfox.documentation.builders.RequestHandlerSelectors;
    import springfox.documentation.spi.DocumentationType;
    import springfox.documentation.spring.web.plugins.Docket;
    import springfox.documentation.swagger2.annotations.EnableSwagger2;
    
    /**
     * Springfox configuration that publishes Swagger 2 documentation for the
     * controllers found under {@code com.example.demo}.
     *
     * <p>This class only describes the API; it adds no authentication of its own.
     */
    @Configuration
    @EnableSwagger2
    public class SwaggerConfig {

        /**
         * Builds the Springfox {@link Docket} for this application.
         *
         * @return a Swagger 2 docket covering every path of the handlers in
         *     {@code com.example.demo}
         */
        @Bean
        public Docket api() {
            Docket docket = new Docket(DocumentationType.SWAGGER_2);
            return docket
                .select()
                // Handlers are picked by package, then every path they expose is kept.
                .apis(RequestHandlerSelectors.basePackage("com.example.demo"))
                .paths(PathSelectors.any())
                .build();
        }
    }
    

2. OAuth2認證

OAuth2是一種更複雜的授權框架,支持多種授權模式。

實現步驟:

  1. 添加依賴:在pom.xml中添加Spring Security和OAuth2依賴。

    <!-- Spring Security starter. No <version> is declared, so it is presumably managed by
         the Spring Boot parent/BOM; confirm in the project's pom.xml. -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <!-- NOTE(review): this artifact belongs to the legacy Spring Security OAuth project,
         which its maintainers have deprecated; check its support status before relying on
         it for new work. The SecurityConfig in this tutorial also calls
         http.oauth2ResourceServer(), which comes from Spring Security's own resource-server
         support (spring-boot-starter-oauth2-resource-server) and is not declared here;
         confirm which of the two stacks the application is meant to use. -->
    <dependency>
        <groupId>org.springframework.security.oauth.boot</groupId>
        <artifactId>spring-security-oauth2-autoconfigure</artifactId>
        <version>2.5.2</version>
    </dependency>
    
  2. 配置Spring Security:創建一個配置類來設置OAuth2認證。

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
    
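    /**
     * Spring Security configuration that requires a JWT bearer token for the Swagger UI
     * and for the endpoints that serve the API description.
     *
     * <p>NOTE(review): {@code oauth2ResourceServer()} is part of Spring Security's own
     * resource-server support, while {@code ResourceServerConfig} in the same listing uses
     * the legacy {@code @EnableResourceServer} stack. Running both usually means two
     * competing filter chains; confirm which one is intended and keep only that one.
     */
    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        /**
         * Requires authentication for the Swagger UI and the spec endpoints and enables
         * JWT validation for bearer tokens.
         *
         * @param http the security builder supplied by Spring Security
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                // Guarding only /swagger-ui/** leaves the specification itself readable
                // without a token. The extra patterns are the Springfox 2 defaults for
                // the UI page and the spec endpoints; adjust them if the documentation
                // paths were customised.
                .antMatchers(
                    "/swagger-ui/**",
                    "/swagger-ui.html",
                    "/v2/api-docs",
                    "/swagger-resources/**").authenticated()
                .and()
                .oauth2ResourceServer()
                .jwt();
        }
    }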
    
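    /**
     * Legacy Spring Security OAuth resource-server configuration: protects the Swagger
     * endpoints and validates JWT access tokens with a key taken from the environment.
     */
    @Configuration
    @EnableResourceServer
    public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

        /** Example variable name (constructed for this listing); use your deployment's own. */
        private static final String SIGNING_KEY_ENV = "JWT_SIGNING_KEY";

        /** Shortest accepted key, in characters; 32 matches the 256-bit size of an HS256 MAC. */
        private static final int MIN_SIGNING_KEY_LENGTH = 32;

        /**
         * Requires authentication for the Swagger UI and the endpoints serving the spec.
         *
         * @param http the security builder supplied by the resource-server support
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                // The spec endpoints are listed as well, so the API description is not
                // readable without a token (Springfox 2 default paths; adjust if changed).
                .antMatchers(
                    "/swagger-ui/**",
                    "/swagger-ui.html",
                    "/v2/api-docs",
                    "/swagger-resources/**").authenticated();
        }

        /**
         * Exposes a JWT-backed token store.
         *
         * @return a {@link JwtTokenStore} built on {@link #accessTokenConverter()}
         */
        @Bean
        public TokenStore tokenStore() {
            return new JwtTokenStore(accessTokenConverter());
        }

        /**
         * Builds the converter that signs and verifies JWT access tokens.
         *
         * <p>The key is read from the environment instead of being written into the
         * source: a short literal such as {@code "123"} can be guessed, and anyone who
         * knows the key can mint tokens this server will accept.
         *
         * @return a converter configured with the externally supplied signing key
         * @throws IllegalStateException if the key is missing or shorter than
         *     {@value #MIN_SIGNING_KEY_LENGTH} characters
         */
        @Bean
        public JwtAccessTokenConverter accessTokenConverter() {
            String signingKey = System.getenv(SIGNING_KEY_ENV);
            if (signingKey == null || signingKey.length() < MIN_SIGNING_KEY_LENGTH) {
                // Fail at startup rather than run with a missing or guessable key.
                throw new IllegalStateException(
                    "Environment variable " + SIGNING_KEY_ENV + " must hold a signing key of at least "
                        + MIN_SIGNING_KEY_LENGTH + " characters");
            }
            JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
            converter.setSigningKey(signingKey);
            return converter;
        }
    }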
    
  3. 配置Swagger:確保Swagger配置允許OAuth2認證。

    import springfox.documentation.builders.PathSelectors;
    import springfox.documentation.builders.RequestHandlerSelectors;
    import springfox.documentation.spi.DocumentationType;
    import springfox.documentation.spring.web.plugins.Docket;
    import springfox.documentation.swagger2.annotations.EnableSwagger2;
    
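    /**
     * Springfox configuration that documents the controllers under
     * {@code com.example.demo} and declares an OAuth2 security scheme, so that Swagger UI
     * can obtain a token and attach it to the calls it makes.
     */
    @Configuration
    @EnableSwagger2
    public class SwaggerConfig {

        /**
         * Builds the Springfox {@link Docket} with the OAuth2 scheme and its context.
         *
         * @return a Swagger 2 docket covering every path of the handlers in
         *     {@code com.example.demo}
         */
        @Bean
        public Docket api() {
            return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.basePackage("com.example.demo"))
                .paths(PathSelectors.any())
                .build()
                .securitySchemes(Arrays.asList(securityScheme()))
                .securityContexts(Arrays.asList(securityContext()));
        }

        /**
         * Declares the {@code oauth2} scheme with the scopes {@code read} and {@code write}.
         *
         * @return the scheme offered in Swagger UI's authorisation dialog
         */
        private SecurityScheme securityScheme() {
            return new OAuthBuilder()
                .name("oauth2")
                // NOTE(review): the password grant has the user type their credentials
                // into Swagger UI, and this token URL is plain http. That is tolerable
                // only for a local demo; use an https token endpoint (and preferably a
                // redirect-based grant) anywhere the traffic leaves the machine.
                .grantTypes(Arrays.asList(new ResourceOwnerPasswordCredentialsGrant("http://localhost:8080/oauth/token")))
                .scopes(Arrays.asList(new Scope("read", "read access"), new Scope("write", "write access")))
                .build();
        }

        /**
         * Selects the documented operations that carry the {@code oauth2} requirement.
         *
         * @return a context applying {@link #defaultAuth()} to every documented path
         */
        private SecurityContext securityContext() {
            return SecurityContext.builder()
                .securityReferences(defaultAuth())
                // forPaths is matched against the paths of the documented API operations,
                // not against the UI's own URLs. The previous "/swagger-ui/.*" regex
                // therefore selected no operation, and the token was never attached.
                .forPaths(PathSelectors.any())
                .build();
        }

        /**
         * Builds the reference tying operations to the {@code oauth2} scheme.
         *
         * @return a single reference to {@code oauth2} with the {@code read} scope
         */
        List<SecurityReference> defaultAuth() {
            AuthorizationScope[] authorizationScopes = {
                new AuthorizationScope("read", "read access")
            };
            return Arrays.asList(new SecurityReference("oauth2", authorizationScopes));
        }
    }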
    

3. API密鑰認證

API密鑰認證是一種簡單的認證方式,客戶端需要在請求頭中提供API密鑰。密鑰應通過HTTPS傳輸,並從配置或密鑰管理服務中讀取,而不是寫死在代碼裡。

實現步驟:

  1. 添加依賴:在pom.xml中添加Spring Security依賴。

    <!-- Spring Security starter. No <version> is declared here, so the version is
         presumably managed by the Spring Boot parent/BOM; confirm in the project's pom.xml. -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    
  2. 配置Spring Security:創建一個配置類來設置API密鑰認證。

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
    
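    /**
     * Spring Security configuration that places {@link ApiKeyFilter} in the filter chain
     * and requires authentication for the Swagger UI and the API description.
     */
    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        /**
         * Requires authentication for the Swagger endpoints and registers the API-key
         * filter ahead of {@link UsernamePasswordAuthenticationFilter}.
         *
         * @param http the security builder supplied by Spring Security
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                // The spec endpoints are listed as well, so the API description is not
                // readable without a key (Springfox 2 default paths; adjust if changed).
                .antMatchers(
                    "/swagger-ui/**",
                    "/swagger-ui.html",
                    "/v2/api-docs",
                    "/swagger-resources/**").authenticated()
                .and()
                .addFilterBefore(apiKeyFilter(), UsernamePasswordAuthenticationFilter.class);
        }

        /**
         * Exposes the API-key filter as a bean.
         *
         * <p>NOTE(review): Spring Boot normally also registers {@code Filter} beans with
         * the servlet container, so this filter presumably runs for every request and not
         * only inside the security chain. Confirm that this is intended.
         *
         * @return a new {@link ApiKeyFilter}
         */
        @Bean
        public ApiKeyFilter apiKeyFilter() {
            return new ApiKeyFilter();
        }
    }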
    
    import java.io.IOException;
    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;
    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.authority.AuthorityUtils;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.web.filter.OncePerRequestFilter;
    
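    /**
     * Servlet filter that accepts a request only when its {@code X-API-KEY} header
     * matches the key configured for this deployment.
     *
     * <p>On success the filter also records an authenticated principal in the security
     * context. Without that step, the {@code authenticated()} rules in the security
     * configuration would still treat the caller as anonymous and refuse the request.
     */
    public class ApiKeyFilter extends OncePerRequestFilter {

        private static final String API_KEY_HEADER = "X-API-KEY";

        /** Example variable name (constructed for this listing); use your deployment's own. */
        private static final String API_KEY_ENV = "SWAGGER_API_KEY";

        /** Principal name recorded for callers that presented a valid key. */
        private static final String API_KEY_PRINCIPAL = "api-key-client";

        private final byte[] expectedKey;

        /**
         * Loads the expected key from the environment so that it is not stored in source.
         *
         * @throws IllegalStateException if no key is configured; the filter refuses to
         *     start rather than compare against an empty or placeholder value
         */
        public ApiKeyFilter() {
            String configuredKey = System.getenv(API_KEY_ENV);
            if (configuredKey == null || configuredKey.isEmpty()) {
                throw new IllegalStateException(
                    "Environment variable " + API_KEY_ENV + " must hold the API key");
            }
            this.expectedKey = configuredKey.getBytes(StandardCharsets.UTF_8);
        }

        /**
         * Answers 401 for a missing or wrong key; otherwise marks the request as
         * authenticated and passes it down the chain.
         *
         * @param request the incoming request whose {@code X-API-KEY} header is checked
         * @param response the response that receives the 401 status on failure
         * @param chain the remaining filters, invoked only after a successful check
         * @throws ServletException if a later filter fails
         * @throws IOException if a later filter fails on I/O
         */
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
            String apiKey = request.getHeader(API_KEY_HEADER);
            // MessageDigest.isEqual compares in time independent of where the bytes
            // differ; String.equals stops at the first mismatch and so leaks timing.
            boolean keyMatches = apiKey != null
                && MessageDigest.isEqual(expectedKey, apiKey.getBytes(StandardCharsets.UTF_8));
            if (!keyMatches) {
                // Authentication failed
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            // Authentication succeeded: the three-argument constructor yields a token
            // that is already marked as authenticated.
            SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(
                    API_KEY_PRINCIPAL, null, AuthorityUtils.NO_AUTHORITIES));
            chain.doFilter(request, response);
        }
    }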
    
  3. 配置Swagger:確保Swagger配置允許API密鑰認證。

    import springfox.documentation.builders.PathSelectors;
    import springfox.documentation.builders.RequestHandlerSelectors;
    import springfox.documentation.spi.DocumentationType;
    import springfox.documentation.spring.web.plugins.Docket;
    import springfox.documentation.swagger2.annotations.EnableSwagger2;
    
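    /**
     * Springfox configuration that documents the controllers under
     * {@code com.example.demo} and declares an {@code X-API-KEY} header scheme, so that
     * Swagger UI can send the key with the calls it makes.
     */
    @Configuration
    @EnableSwagger2
    public class SwaggerConfig {

        /**
         * Builds the Springfox {@link Docket} with the API-key scheme and its context.
         *
         * @return a Swagger 2 docket covering every path of the handlers in
         *     {@code com.example.demo}
         */
        @Bean
        public Docket api() {
            return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.basePackage("com.example.demo"))
                .paths(PathSelectors.any())
                .build()
                .securitySchemes(Arrays.asList(apiKey()))
                .securityContexts(Arrays.asList(securityContext()));
        }

        /**
         * Declares the API-key scheme.
         *
         * @return a scheme named {@code X-API-KEY} that is passed in the request header
         *     of the same name
         */
        private ApiKey apiKey() {
            return new ApiKey("X-API-KEY", "X-API-KEY", "header");
        }

        /**
         * Selects the documented operations that carry the API-key requirement.
         *
         * @return a context applying {@link #defaultAuth()} to every documented path
         */
        private SecurityContext securityContext() {
            return SecurityContext.builder()
                .securityReferences(defaultAuth())
                // forPaths is matched against the paths of the documented API operations,
                // not against the UI's own URLs. The previous "/swagger-ui/.*" regex
                // therefore selected no operation, and the key was never attached.
                .forPaths(PathSelectors.any())
                .build();
        }

        /**
         * Builds the reference tying operations to the {@code X-API-KEY} scheme.
         *
         * @return a single reference to {@code X-API-KEY} with the {@code read} scope
         */
        List<SecurityReference> defaultAuth() {
            AuthorizationScope[] authorizationScopes = {
                new AuthorizationScope("read", "read access")
            };
            return Arrays.asList(new SecurityReference("X-API-KEY", authorizationScopes));
        }
    }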
    

以上是幾種常見的Swagger認證與授權實現方式,可以根據具體需求選擇合適的方法。
