如何使用 Microprofile Openapi swagger-ui 中的注释传递 ​​JWT 令牌

Question

如何使用 Microprofile Openapi swagger-ui 中的注释将 JWT Bearer 标头令牌传递到我的端点？

我可以像这样使用 curl 传递它：

curl -X 'GET' \
  'http://localhost:8080/users/felipe/products' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2NvbS5oZWxlc3RvIiwidXBuIjoiZmVsaXBlIiwiZ3JvdXBzIjpbIlVzZXIiLCJBZG1pbiJdLCJiaXJ0aGRhdGUiOiIxOTgzLTAzLTI1IiwiaWF0IjoxNjI1MTgyMTcxLCJleHAiOjE2MjUxODI0NzEsImp0aSI6IjI2ZmYzZjczLTE0NWUtNDM2NC04NTE2LWIwNzU0YTU2YTdmYyJ9.J9S8z0IMF5XLeRfhj7u-HURSVeGUhm59Wowd56dInbC-HkKHT9aUjKN4eOeSWAWkgehBazvjkn9PZegpud1up3WRaffrx6AxYSRUAYJ205y7yjzSgbdDo6cYB3UT7dxrdcT3pczxb8X2A6YJYeOFnPoVILKlbVAJqFXAQdupLrs9V8UZCS4VGflE1AhcxQZR1rTSe6bTGeUNz4eX7vxcyL6HP_B4MhSYOnBcWtKSf1PEvPmbTfcbxK30uqA52jtSI8jMCUHw3XFTU9q_GQ4I0LMKHADj-aORGjvIZj4dZTofso_fP-ISnSnCy0qUI-Rv0yY5lHo135IgIhcz2yem5w'

Answer 1

我从 quarkusio/registry.quarkus.io project 复制了 AdminApi 类中的一个示例，并使用 the docs of the swagger.io project about the bearer-authentication 从 SecuritySchemeType.APIKEY 到 SecuritySchemeType.HTTP 进行了一些调整，在下面进行了注释，一切正常 available in this gist：

import java.util.List;

import javax.annotation.security.RolesAllowed;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;

import org.eclipse.microprofile.jwt.JsonWebToken;
import org.eclipse.microprofile.openapi.annotations.enums.SecuritySchemeIn;
import org.eclipse.microprofile.openapi.annotations.enums.SecuritySchemeType;
import org.eclipse.microprofile.openapi.annotations.security.SecurityRequirement;
import org.eclipse.microprofile.openapi.annotations.security.SecurityScheme;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;

@Path("users/{user}/products")
@RequestScoped
@Produces("application/json")
@Consumes("application/json")
@Tag(name = "Products")
@SecurityScheme(securitySchemeName = "Authentication",
    description = "JWT token",
    type = SecuritySchemeType.HTTP,
    scheme = "bearer",
    bearerFormat = "JWT",
    in = SecuritySchemeIn.HEADER)
public class ProductResource {

    @Inject
    JsonWebToken jwt;

    @GET
    @RolesAllowed({ "User", "Admin" })
    @SecurityRequirement(name = "Authentication")
    public List<Product> getByUserName(@PathParam("user") String user, @Context SecurityContext ctx) {
        return Product.listByUserName(user);
    }

}

当我启动我的 swagger-ui 时，我可以使用 Authorize 按钮通知 JWT 令牌：

现在，当我执行端点时，swagger-ui 将 JWT 令牌添加到标头：

curl -X 'GET' \
  'http://localhost:8080/users/felipe/products' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2NvbS5oZWxlc3RvIiwidXBuIjoiZmVsaXBlIiwiZ3JvdXBzIjpbIlVzZXIiLCJBZG1pbiJdLCJiaXJ0aGRhdGUiOiIxOTgzLTAzLTI1IiwiaWF0IjoxNjI1MTgyMTcxLCJleHAiOjE2MjUxODI0NzEsImp0aSI6IjI2ZmYzZjczLTE0NWUtNDM2NC04NTE2LWIwNzU0YTU2YTdmYyJ9.J9S8z0IMF5XLeRfhj7u-HURSVeGUhm59Wowd56dInbC-HkKHT9aUjKN4eOeSWAWkgehBazvjkn9PZegpud1up3WRaffrx6AxYSRUAYJ205y7yjzSgbdDo6cYB3UT7dxrdcT3pczxb8X2A6YJYeOFnPoVILKlbVAJqFXAQdupLrs9V8UZCS4VGflE1AhcxQZR1rTSe6bTGeUNz4eX7vxcyL6HP_B4MhSYOnBcWtKSf1PEvPmbTfcbxK30uqA52jtSI8jMCUHw3XFTU9q_GQ4I0LMKHADj-aORGjvIZj4dZTofso_fP-ISnSnCy0qUI-Rv0yY5lHo135IgIhcz2yem5w'