diff --git a/pom.xml b/pom.xml
index 44fe8df..f33ae36 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,6 +25,10 @@
org.springframework.boot
spring-boot-starter-web
+
+ org.springframework.boot
+ spring-boot-starter-oauth2-client
+
org.springdoc
diff --git a/src/main/java/org/sadtech/example/swagger/config/OpenApiConfig.java b/src/main/java/org/sadtech/example/swagger/config/OpenApiConfig.java
index c092668..2c0649e 100644
--- a/src/main/java/org/sadtech/example/swagger/config/OpenApiConfig.java
+++ b/src/main/java/org/sadtech/example/swagger/config/OpenApiConfig.java
@@ -1,8 +1,11 @@
package org.sadtech.example.swagger.config;
import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.info.Contact;
import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
/**
* @author upagge 30.12.2020
@@ -18,6 +21,24 @@ import io.swagger.v3.oas.annotations.info.Info;
)
)
)
+//@SecurityScheme(
+// name = "Oauth2",
+// type = SecuritySchemeType.OAUTH2,
+// flows = @OAuthFlows(
+// authorizationCode = @OAuthFlow(
+// tokenUrl = "https://oauth.mocklab.io/oauth/token",
+// refreshUrl = "https://oauth.mocklab.io/oauth/token",
+// authorizationUrl = "https://oauth.mocklab.io/oauth/authorize",
+// scopes = {@OAuthScope(name = "profile"), @OAuthScope(name = "email")}
+// )
+// )
+//)
+@SecurityScheme(
+ name = "jsessionid",
+ in = SecuritySchemeIn.COOKIE,
+ type = SecuritySchemeType.APIKEY,
+ paramName = "JSESSIONID"
+)
public class OpenApiConfig {
}
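Review bot: The commented-out OAuth2 `@SecurityScheme` block above the active annotation is dead code, and it names `@OAuthFlows`, `@OAuthFlow` and `@OAuthScope`, which the import hunk of this file does not add, so it would not compile if uncommented as is. I would delete it, or replace it with a single line such as `// OAuth2 flow in Swagger UI is not wired yet; the session cookie is documented instead`. The active `jsessionid` scheme would also benefit from a `description` saying that the cookie is issued by the application's OAuth2 login. Presumably Swagger UI depends on the browser already holding that cookie rather than on a value typed into the Authorize dialog.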
diff --git a/src/main/java/org/sadtech/example/swagger/config/SecurityConfig.java b/src/main/java/org/sadtech/example/swagger/config/SecurityConfig.java
new file mode 100644
index 0000000..b2dd9a0
--- /dev/null
+++ b/src/main/java/org/sadtech/example/swagger/config/SecurityConfig.java
@@ -0,0 +1,28 @@
+package org.sadtech.example.swagger.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ return http
+ .cors().disable()
+ .oauth2Login()
+ .and()
+ .authorizeHttpRequests(
+ registry -> registry
+ .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html")
+ .permitAll()
+ .anyRequest().authenticated()
+ )
+ .build();
+ }
+
+}
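Review bot: `filterChain` authenticates through the session cookie set by `oauth2Login()` and leaves CSRF protection at Spring Security's default, but no comment records that this is deliberate, and `.cors().disable()` is equally unexplained. With CSRF on, the `@PostMapping` in PointController will presumably be rejected when called from Swagger UI without a token. If that happens, wiring springdoc's CSRF support (`springdoc.swagger-ui.csrf.enabled`) to a matching token repository is preferable to turning CSRF off for a cookie-authenticated API. A comment above the chain such as `// CSRF stays enabled: requests are authenticated by the JSESSIONID cookie` would keep a later edit from removing it silently. The chained `.cors().disable()` and `.oauth2Login().and()` calls could also use the lambda form already used for `authorizeHttpRequests`, for example `.oauth2Login(Customizer.withDefaults())`.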
diff --git a/src/main/java/org/sadtech/example/swagger/controller/PointController.java b/src/main/java/org/sadtech/example/swagger/controller/PointController.java
index f710c60..f808284 100644
--- a/src/main/java/org/sadtech/example/swagger/controller/PointController.java
+++ b/src/main/java/org/sadtech/example/swagger/controller/PointController.java
@@ -35,8 +35,8 @@ public class PointController {
@PostMapping("{key}")
@Operation(summary = "Управление баллами", description = "Позволяет удалить или добавить баллы пользователю")
public HttpStatus changePoints(
- @PathVariable @NotBlank @Parameter(description = "Идентификатор пользователя") String key,
- @RequestParam("point") @Min(0) @Parameter(description = "Количество баллов", required = true) Long point,
+ @PathVariable @NotBlank @Parameter(description = "Идентификатор пользователя", example = "key1") String key,
+ @RequestParam("point") @Min(0) @Parameter(description = "Количество баллов", required = true, example = "10") Long point,
@RequestParam("type") @Parameter(description = "Тип операции", required = true) TypeOperation type
) {
final UserDto userDto = repository.get(key);
diff --git a/src/main/java/org/sadtech/example/swagger/controller/UserController.java b/src/main/java/org/sadtech/example/swagger/controller/UserController.java
index a91dec3..a786385 100644
--- a/src/main/java/org/sadtech/example/swagger/controller/UserController.java
+++ b/src/main/java/org/sadtech/example/swagger/controller/UserController.java
@@ -1,6 +1,7 @@
package org.sadtech.example.swagger.controller;
import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.sadtech.example.swagger.dto.UserDto;
import org.springframework.http.HttpStatus;
@@ -48,9 +49,12 @@ public class UserController {
return HttpStatus.OK;
}
+ @SecurityRequirement(name = "jsessionid")
@GetMapping(value = "{key}", produces = APPLICATION_JSON_VALUE)
@Operation(summary = "Получить пользователя")
- public ResponseEntity getSimpleDto(@PathVariable("key") String key) {
+ public ResponseEntity getSimpleDto(
+ @PathVariable("key") String key
+ ) {
return ResponseEntity.ok(repository.get(key));
}
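Review bot: `@SecurityRequirement(name = "jsessionid")` is placed on `getSimpleDto` only, while the new SecurityConfig requires authentication for every request outside the docs paths, so the generated spec will show the other operations (including `changePoints` in PointController) as unauthenticated. Declaring it once, either at class level on each controller or globally with `@OpenAPIDefinition(security = @SecurityRequirement(name = "jsessionid"))` in OpenApiConfig, keeps the documentation in line with what the filter chain enforces. Separately, `repository.get(key)` is reached with a caller-supplied `key` and only an "authenticated" check in front of it, so any logged-in session can apparently read any user; if that is not intended, an ownership check belongs here. The `key` parameter also lacks the `@NotBlank` that PointController applies to the same path variable.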
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 8b13789..cd6b4bc 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -1 +1,25 @@
-
+#springdoc:
+# swagger-ui:
+# oauth:
+# client-id: mocklab_oidc
+# client-secret: whatever
+spring:
+ security:
+ oauth2:
+ client:
+ registration:
+ mocklab:
+ provider: mocklab
+ client-authentication-method: basic
+ authorization-grant-type: authorization_code
+ scope: profile, email
+ redirect-uri: http://localhost:8080/login/oauth2/code/
+ clientId: mocklab_oidc
+ clientSecret: whatever
+ provider:
+ mocklab:
+ authorization-uri: https://oauth.mocklab.io/oauth/authorize
+ token-uri: https://oauth.mocklab.io/oauth/token
+ user-info-uri: https://oauth.mocklab.io/userinfo
+ user-name-attribute: sub
+ jwk-set-uri: https://oauth.mocklab.io/.well-known/jwks.json
\ No newline at end of file
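Review bot: `clientSecret: whatever` is committed in plain text and repeated in the commented-out `springdoc` block. Even for a mock provider this sets the pattern that real credentials will follow, so I would resolve it from the environment, e.g. `client-secret: ${MOCKLAB_CLIENT_SECRET}` (the variable name is a placeholder), and drop the commented copy. `redirect-uri` hard-codes `http://localhost:8080` and ends without a registration id. Spring's template form `"{baseUrl}/login/oauth2/code/{registrationId}"` avoids both and keeps the callback from being pinned to plain HTTP on one host. `client-authentication-method: basic` is the legacy spelling; newer Spring Security versions expect `client_secret_basic`, so it should be checked against the version this project resolves. The keys also mix camelCase (`clientId`, `clientSecret`) with kebab-case; kebab-case throughout would match the rest of the file.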