From swagger editor able to get the JWT auth token, but from application which enabled swagger-ui using springfox is not working


Tested my auth server from swagger editor and it is working fine. I’m able to get the token and authorization is happening without any issues. But when I tried to integrate it with my web service, where swagger UI is enabled using springfox dependencies, it is not working.

Success from swagger editor

success

Failed from application

failed

Noticed that in the failed case, swagger UI is sending only a single POST request, but swagger editor had an OPTIONS & POST request to get the token.

Suspected CORS filter initially, so I took my swagger json and tested in swagger editor and it worked. My auth server and resource server with application are also working fine when tested via curl.

Sample auth server and resource server: https://github.com/ranjithap7576/OAuth2-JWT

And swagger configuration is below

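import static com.google.common.collect.Lists.newArrayList;

import java.util.Collections;
import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.AuthorizationScope;
import springfox.documentation.service.GrantType;
import springfox.documentation.service.OAuth;
import springfox.documentation.service.ResourceOwnerPasswordCredentialsGrant;
import springfox.documentation.service.SecurityReference;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger.web.ApiKeyVehicle;
import springfox.documentation.swagger.web.SecurityConfiguration;
import springfox.documentation.swagger.web.UiConfiguration;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

@Configuration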
@EnableSwagger2
public class SwaggerConfigNew {

	@Value("${security.jwt.resource-ids}")
	private String clientId;
	@Value("${security.signing-key}")
	private String clientSecret;

	@Value("${security.oauth2.authserver}")
	private String authLink;

	@Bean
	public Docket api() {

		return new Docket(DocumentationType.SWAGGER_2).select()
				.apis(RequestHandlerSelectors.basePackage("my.package")).build().groupName("test")
				.directModelSubstitute(org.joda.time.LocalDate.class, java.sql.Date.class)
				.directModelSubstitute(org.joda.time.DateTime.class, java.util.Date.class)
				.securitySchemes(Collections.singletonList(securitySchema()))
				.securityContexts(Collections.singletonList(securityContext()));

	}

	private OAuth securitySchema() {
		List<AuthorizationScope> authorizationScopeList = newArrayList();
		authorizationScopeList.add(new AuthorizationScope("read", "read all"));
		authorizationScopeList.add(new AuthorizationScope("trust", "trust all"));
		authorizationScopeList.add(new AuthorizationScope("write", "access all"));
		List<GrantType> grantTypes = newArrayList();
		GrantType creGrant = new ResourceOwnerPasswordCredentialsGrant(authLink + "/oauth/token");
		grantTypes.add(creGrant);
		return new OAuth("oauth2schema", authorizationScopeList, grantTypes);

	}

	@Bean
	UiConfiguration uiConfig() {
		return new UiConfiguration("validatorUrl", // url
				"none", // docExpansion => none | list
				"alpha", // apiSorter => alpha
				"schema", // defaultModelRendering => schema
				UiConfiguration.Constants.DEFAULT_SUBMIT_METHODS, false, // enableJsonEditor => true | false
				true, // showRequestHeaders => true | false
				60000L); // requestTimeout => in milliseconds, defaults to null (uses jquery xhr timeout)
	}

	@Bean
	public SecurityConfiguration securityInfo() {
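		// springfox serves this bean's values to the browser (/swagger-resources/configuration/security);
		// clientSecret is bound to security.signing-key above.
		return new SecurityConfiguration(clientId, clientSecret, "", "", "", ApiKeyVehicle.HEADER, "", " ");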
	}

	private SecurityContext securityContext() {
		return SecurityContext.builder().securityReferences(defaultAuth()).forPaths(PathSelectors.ant("/user/**"))
				.build();
	}

	private List<SecurityReference> defaultAuth() {
		final AuthorizationScope[] authorizationScopes = new AuthorizationScope[3];
		authorizationScopes[0] = new AuthorizationScope("read", "read all");
		authorizationScopes[1] = new AuthorizationScope("trust", "trust all");
		authorizationScopes[2] = new AuthorizationScope("write", "write all");
		return Collections.singletonList(new SecurityReference("oauth2schema", authorizationScopes));
	}

	// @Bean
	public WebMvcConfigurer corsConfigurer() {
		return new WebMvcConfigurerAdapter() {
			@Override
			public void addCorsMappings(CorsRegistry registry) {
				registry.addMapping("/**");
			}
		};
	}
}

I’m using springfox 2.7.0
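
Why one client can show OPTIONS followed by POST while another shows a single POST, as an added example that is not part of the original issue or of springfox/swagger-ui: a simplified version of the browser's preflight decision from the Fetch standard. The origins, credentials and request shapes are constructed; the issue does not show which headers either client sent.

```javascript
// Added example: simplified CORS preflight decision (Fetch standard "simple request" rules).
// Not modelled: the conditionally safelisted Range header, header value length/byte limits,
// and upload listeners, all of which can also force a preflight.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// pageUrl: URL of the page running the script; req: { url, method, headers }.
function needsPreflight(pageUrl, req) {
  if (new URL(req.url).origin === new URL(pageUrl).origin) {
    return { preflight: false, reasons: ["same-origin"] };
  }
  const reasons = [];
  const method = req.method.toUpperCase();
  if (!SAFE_METHODS.has(method)) reasons.push(`method ${method}`);
  for (const [name, value] of Object.entries(req.headers || {})) {
    const lower = name.toLowerCase();
    if (!SAFE_HEADERS.has(lower)) {
      reasons.push(`header ${lower}`);
    } else if (lower === "content-type") {
      // Parameters such as charset do not matter; only the media type does.
      const essence = String(value).split(";")[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(essence)) reasons.push(`content-type ${essence}`);
    }
  }
  return { preflight: reasons.length > 0, reasons };
}

// Constructed sample: password-grant token request with client credentials in a header.
const SAMPLE_WITH_AUTH_HEADER = {
  url: "https://auth.example.test/oauth/token",
  method: "POST",
  headers: {
    Authorization: "Basic ZGVtbzpkZW1v", // constructed value ("demo:demo")
    "Content-Type": "application/x-www-form-urlencoded",
  },
};

// Constructed sample: same request without the Authorization header.
const SAMPLE_FORM_ONLY = {
  url: "https://auth.example.test/oauth/token",
  method: "POST",
  headers: { "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8" },
};
```

A cross-origin token POST with no preceding OPTIONS therefore carried only safelisted headers, so comparing the request headers of the two clients in the browser's network tab is the quickest check.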

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 15 (5 by maintainers)

Top GitHub Comments

6 reactions
MartinX3 commented, Apr 1, 2018

@dilipkrish Thank you very much. Now it sends an auth header bearer token, when I try to access an endpoint with swagger! 😃

1 reaction
dilipkrish commented, Dec 7, 2017

You could use THE swagger-ui
