I am using the swagger with springodc-openapi-ui
It is possible to set parameters with default values for post token method: /oauth/token?
I added openapi-security dependency
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-security</artifactId>
<version>1.6.6</version>
</dependency>
but swagger displays it as:
Instead of these parameters, I want to have"grant_type": "client_credentials"
Related
Suppose the following HTTP request:
POST index.php?/api/v2/add_result_for_case/123/777
This appears in TestRail documentation at https://support.gurock.com/hc/en-us/articles/7077819312404-Results#addresultforcase
Now, I am trying to use Jersey as follows:
testRailClient()
.target(testRailUrl)
.path("/index.php")
.queryParam("/api/v2/add_result_for_case/123/777")
.request()
.post(Entity.json(...))
But, its URL gets encoded by Jersey, as follows:
https://testrail.host/index.php?%2Fapi%2Fv2%2Fadd_result_for_case%2F131143%2F131143=
Any suggestion how to make it generate the request as required by TestRail?
I have a Java/Spring-based microservices architecture with two services:
A - has a public-facing endpoint which does some stuff and then calls the below endpoint on B. This endpoint requires an Authorization header (OAuth2) to identify the user.
B - has an endpoint that also requires an Authorization header (OAuth2) so that it can determine which user made the call.
I have specified B's endpoint using OpenAPI. I'm using OpenAPI Generator to generate both the client in A (Spring WebClient), and the server in B (Spring Boot).
My question is this: what do I need to do to pass the Authorization header along from A to B? I see how to set a static header, but I don't know how to pass the header based on what's received by A.
Similar to this question, but for WebClient: OpenAPI client generator Java - header per call
As your A service is a resource-server and you want to issue request to service B on behalf of the user who initiated the request to A, just set a Bearer Authorization header on WebClient with the original access-token string retrieved from current security context (use SecurityContextHolder static accessor or have AbstractOAuth2TokenAuthenticationToken<?> auth auto-magically injected by Spring as #Controller method parameter).
If your A service was a client, you could do as I did in the UiController of this tutorial.
Turns out my problem was how I specified the endpoint security in my OpenAPI specification.
I added:
components:
securitySchemes:
s2s:
type: oauth2
flows:
clientCredentials:
authorizationUrl: https://example.com/oauth/authorize
tokenUrl: https://example.com/oauth/token
scopes:
read: Read scope
And made a reference to that security schema on my endpoint:
/foo:
get:
...
security:
- s2s:
- read
Now, when I run openapi-generate on this schema and generate it to either Spring Boot (server) or Java WebClient (client), the generated endpoint signature looks like:
#RequestMapping(
method = RequestMethod.GET,
value = "/foo",
produces = { "application/json" }
)
Mono<ResponseEntity<MyResponse>> foo(
#Parameter(name = "Authorization", description = "", required = true) #RequestHeader(value = "Authorization", required = true) String authorization,
#Parameter(hidden = true) final ServerWebExchange exchange
);
The String authorization argument to the method was not previously being generated and it's what I needed here. It allows me to pass A's header along to the call to B.
Props to #Ch4mp for helping out here.
I am using springdoc-openapi-ui for documenting my REST end point.
Below is the pom dependency
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>1.6.9</version>
</dependency>
Below is my swagger url
http://localhost:40001/test/swagger-ui/index.html
The swagger UI opens perfectly fine. When I go one of the controllers and click "try it out" and execute the rest endpoint I get an 404 error.
When I check the request url it is
http://localhost:40001/my-service/v1/topic/123
I expect the request url to be http://localhost:40001/test/my-service/v1/topic/123 instead of the above one.
The "try it out" is missing the context path "test"
I have specified the below property in my application.properties
server.servlet.context-path=/test
The "try it out" is not adding the context path "test" to its request url.
I found the solution. I had the below annotation in my configuration file
#OpenAPIDefinition(servers = {#Server(url = "/", description = "Default Server URL")})
Which cause causing the context path to be defaulted to /. Removing the above annotation resolved the issue
I have noticed that when building a Thorntail REST application using JAX-RS and Swagger UI dependencies, the REST call generated by Swagger UI uses https instead of http.
Here is the REST Service I'm using:
#Path("/time")
#Api(value = "/time", description = "Get the time", tags = "time")
#Produces(MediaType.APPLICATION_JSON)
public class HelloWorldEndpoint {
#GET
#Path("/now")
#ApiOperation(value = "Get the current time",
notes = "Returns the time as a string",
response = String.class
)
#Produces(MediaType.APPLICATION_JSON)
public String get() {
return String.format("{\"value\" : \"The time is %s\"}", new Date());
}
}
And the dependencies:
<dependency>
<groupId>io.thorntail</groupId>
<artifactId>swagger</artifactId>
</dependency>
<dependency>
<groupId>io.thorntail</groupId>
<artifactId>jaxrs</artifactId>
</dependency>
<dependency>
<groupId>io.thorntail</groupId>
<artifactId>swagger-webapp</artifactId>
</dependency>
In this case, the generated REST call is:
curl -X GET "https://localhost:8080/time/now" -H "accept: application/json"
which returns:
curl: (35) SSL received a record that exceeded the maximum permissible length.
Is there any parameter (#Api ?) that forces using 'http' instead of 'https' ?
On my side, I used this configuration in project-defaults.yml
thorntail:
deployment:
my-webapp.war:
swagger:
schemes:
- http
it's quite simple to secure/protect an ASP.NET Web API with OWIN (Katana). Now, I'm looking for a Java library that offers OWIN-similar features, so that I can secure my Java-based Web APIs. Only GET and POST requests with a Bearer token in the header are allowed, otherwise a HTTP 401 should be returned. Therefore the library should be able to verify the Bearer token.
Any hint, link, reference, etc. is highly appreciated. Thanks!
Dominik
BearerToken.parse(String) in authlete-java-common covers the three ways to extract an access token described in RFC 6750 (Bearer Token Usage).
// Case 1:
// Extract an access token from 'Authorization' HTTP header.
// The value of 'Authorization' HTTP header.
String authorization = ...;
// Extract an access token from 'Authorization' HTTP header.
String accessToken = BearerToken.parse(authorization);
// Case 2:
// Extract an access token from the entity body of a POST request.
// Entity body formatted in 'application/x-www-url-encoded'.
String body = ...;
// Extract an access token.
String accessToken = BearerToken.parse(body);
// Case 3:
// Extract an access token from the query string of a GET request.
// Query string.
String query = ...;
// Extract an access token.
String accessToken = BearerToken.parse(query);
Maven:
<dependency>
<groupId>com.authlete</groupId>
<artifactId>authlete-java-common</artifactId>
<version>1.3</version>
</dependency>
It wouldn't take much time even if you implemented the same thing from scratch, though.
Source code -> BearerToken.java