在Linux环境下,使用Swagger实现权限控制通常涉及以下几个步骤:
集成Spring Security:
pom.xml中添加依赖来实现:<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> 配置Spring Security:
WebSecurityConfigurerAdapter,并重写相关方法来定义安全规则。@Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/swagger-ui/**", "/v2/api-docs/**").authenticated() // 需要认证的URL .anyRequest().permitAll() // 其他请求允许访问 .and() .httpBasic(); // 使用HTTP Basic认证 } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("user") .password("{noop}password") // {noop}表示不加密密码 .roles("USER"); } } 配置Swagger:
@Configuration @EnableSwagger2 public class SwaggerConfig { @Bean public Docket api() { return new Docket(DocumentationType.SWAGGER_2) .select() .apis(RequestHandlerSelectors.basePackage("com.example.demo.controller")) .paths(PathSelectors.any()) .build(); } } 访问Swagger UI:
http://localhost:8080/swagger-ui.html(假设你的应用程序运行在8080端口)。高级权限控制:
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/swagger-ui/**", "/v2/api-docs/**").hasRole("USER") // 需要USER角色 .anyRequest().permitAll() .and() .httpBasic(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("user") .password("{noop}password") .roles("USER") .and() .withUser("admin") .password("{noop}password") .roles("ADMIN"); } 通过以上步骤,你可以在Linux环境下使用Swagger实现基本的权限控制。根据你的具体需求,可以进一步扩展和定制安全配置。
