Swagger安全性定义Resteasy

Question

我没有配置应用程序子类和beanConfig对象的swagger，我的securityDefinition必须允许swagger ui显示de api_key字段以允许对我的所有服务层进行身份验证。

BeanConfig beanConfig = new BeanConfig(); 
    beanConfig.setSchemes(new String[] { "http" }); 
    beanConfig.setHost("192.168.4.9:8080"); 
    beanConfig.setBasePath("/cjppa/rest"); 
    beanConfig.setResourcePackage("com.cjppa.fpuna.backend.resources"); 
    beanConfig.setScan(true); 
    beanConfig.setPrettyPrint(true); 

    io.swagger.models.Info info = new io.swagger.models.Info(); 
    io.swagger.models.Contact contact = new io.swagger.models.Contact(); 
    info.setVersion("1.0"); 
    beanConfig.setInfo(info); 

    io.swagger.models.auth.ApiKeyAuthDefinition apikey = new 
    io.swagger.models.auth.ApiKeyAuthDefinition(); 
    apikey.setName("x-token"); 
    apikey.setIn(In.HEADER); 


    Swagger swagger = new Swagger().info(info); 
    swagger.securityDefinition("api_key", apikey); 

    beanConfig.configure(swagger); 

预期API_KEY来自于 “X-令牌” http头

Answer 1

可以实现io.swagger.jaxrs.config.ReaderListener，addSecurity在afterScan方法。例如：

@SwaggerDefinition(securityDefinition = @SecurityDefinition(apiKeyAuthDefinitions = { 
    @ApiKeyAuthDefinition(in = ApiKeyAuthDefinition.ApiKeyLocation.HEADER, key = "token", name = "E-token"), 
    @ApiKeyAuthDefinition(in = ApiKeyAuthDefinition.ApiKeyLocation.HEADER, key = "userId", name = "E-userId"), 
    @ApiKeyAuthDefinition(in = ApiKeyAuthDefinition.ApiKeyLocation.HEADER, key = "corpId", name = "E-corpId") })) 
public class SwaggerCustomizeDefinition implements ReaderListener { 

    @Override 
    public void beforeScan(Reader reader, Swagger swagger) { 

    } 

    @Override 
    public void afterScan(Reader reader, Swagger swagger) { 
     swagger.addSecurity(new SecurityRequirement().requirement("token")); 
     swagger.addSecurity(new SecurityRequirement().requirement("userId")); 
     swagger.addSecurity(new SecurityRequirement().requirement("corpId")); 
    } 

}