diff --git a/pom.xml b/pom.xml
index 3c33388..58cbf6b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -26,6 +26,10 @@
org.springframework.boot
spring-boot-starter-web
+
+ org.springframework.boot
+ spring-boot-starter-oauth2-client
+
diff --git a/src/main/java/org/sadtech/example/swagger/config/OpenApiConfig.java b/src/main/java/org/sadtech/example/swagger/config/OpenApiConfig.java
index c092668..2c0649e 100644
--- a/src/main/java/org/sadtech/example/swagger/config/OpenApiConfig.java
+++ b/src/main/java/org/sadtech/example/swagger/config/OpenApiConfig.java
@@ -1,8 +1,11 @@
package org.sadtech.example.swagger.config;
import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.info.Contact;
import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
/**
* @author upagge 30.12.2020
@@ -18,6 +21,24 @@ import io.swagger.v3.oas.annotations.info.Info;
)
)
)
+//@SecurityScheme(
+// name = "Oauth2",
+// type = SecuritySchemeType.OAUTH2,
+// flows = @OAuthFlows(
+// authorizationCode = @OAuthFlow(
+// tokenUrl = "https://oauth.mocklab.io/oauth/token",
+// refreshUrl = "https://oauth.mocklab.io/oauth/token",
+// authorizationUrl = "https://oauth.mocklab.io/oauth/authorize",
+// scopes = {@OAuthScope(name = "profile"), @OAuthScope(name = "email")}
+// )
+// )
+//)
+@SecurityScheme(
+ name = "jsessionid",
+ in = SecuritySchemeIn.COOKIE,
+ type = SecuritySchemeType.APIKEY,
+ paramName = "JSESSIONID"
+)
public class OpenApiConfig {
}
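Review bot: The `jsessionid` scheme added above `OpenApiConfig` documents the session cookie as an API key, but Swagger UI generally cannot attach a `Cookie` header to "Try it out" requests because browsers do not let scripts set it. A value typed into the Authorize dialog will therefore probably have no effect, and calls succeed only when the browser already holds the session from the OAuth2 login. A comment on the annotation should say so, e.g. `// Documentation only: the browser sends JSESSIONID itself after oauth2Login; do not paste session ids into the Authorize dialog`. The twelve commented-out lines of the OAuth2 scheme should be deleted or reduced to one sentence on why that flow was dropped; they reference `@OAuthFlows`, `@OAuthFlow` and `@OAuthScope`, which the visible import hunk does not add.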
diff --git a/src/main/java/org/sadtech/example/swagger/config/SecurityConfig.java b/src/main/java/org/sadtech/example/swagger/config/SecurityConfig.java
new file mode 100644
index 0000000..b2dd9a0
--- /dev/null
+++ b/src/main/java/org/sadtech/example/swagger/config/SecurityConfig.java
@@ -0,0 +1,28 @@
+package org.sadtech.example.swagger.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ return http
+ .cors().disable()
+ .oauth2Login()
+ .and()
+ .authorizeHttpRequests(
+ registry -> registry
+ .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html")
+ .permitAll()
+ .anyRequest().authenticated()
+ )
+ .build();
+ }
+
+}
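Review bot: `.cors().disable()` at the top of `filterChain` has no explanation and is easily misread as the CSRF switch. It only stops Spring Security from registering its CORS filter, while CSRF protection stays at its default (enabled), which is what a session-cookie login needs. A comment such as `// CORS filter not needed, assuming UI and API share an origin; CSRF stays enabled because auth is the JSESSIONID cookie` would keep a later change from disabling CSRF just to make Swagger "Try it out" POSTs pass. The chain also mixes the `.and()` style with the lambda style used for `authorizeHttpRequests`; `.cors(AbstractHttpConfigurer::disable)` and `.oauth2Login(Customizer.withDefaults())` would make it consistent, and the no-argument forms are deprecated in newer Spring Security releases. Separately, `permitAll()` on `/v3/api-docs/**` publishes the full API description to anonymous callers, which is acceptable for a sample but should be a deliberate choice anywhere else.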
diff --git a/src/main/java/org/sadtech/example/swagger/controller/UserController.java b/src/main/java/org/sadtech/example/swagger/controller/UserController.java
index f5418f8..4e0d345 100644
--- a/src/main/java/org/sadtech/example/swagger/controller/UserController.java
+++ b/src/main/java/org/sadtech/example/swagger/controller/UserController.java
@@ -2,6 +2,7 @@ package org.sadtech.example.swagger.controller;
import io.swagger.v3.oas.annotations.ExternalDocumentation;
import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.sadtech.example.swagger.dto.UserDto;
import org.springframework.http.HttpStatus;
@@ -56,9 +57,12 @@ public class UserController {
return HttpStatus.OK;
}
+ @SecurityRequirement(name = "jsessionid")
@GetMapping(value = "{key}", produces = APPLICATION_JSON_VALUE)
@Operation(summary = "Получить пользователя")
- public ResponseEntity getSimpleDto(@PathVariable("key") String key) {
+ public ResponseEntity getSimpleDto(
+ @PathVariable("key") String key
+ ) {
return ResponseEntity.ok(repository.get(key));
}
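Review bot: `@SecurityRequirement(name = "jsessionid")` is placed on `getSimpleDto` only, while `SecurityConfig` in this commit requires authentication for every request outside the Swagger paths. The generated document would therefore show the other `UserController` operations, such as the one returning `HttpStatus.OK` just above, as needing no credentials. Moving the annotation to the class, or declaring `security = @SecurityRequirement(name = "jsessionid")` on `@OpenAPIDefinition`, keeps the documentation in line with what is enforced. The class starts and continues outside this hunk, so the other mappings cannot be checked from here.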
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 8b13789..cd6b4bc 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -1 +1,25 @@
-
+#springdoc:
+# swagger-ui:
+# oauth:
+# client-id: mocklab_oidc
+# client-secret: whatever
+spring:
+ security:
+ oauth2:
+ client:
+ registration:
+ mocklab:
+ provider: mocklab
+ client-authentication-method: basic
+ authorization-grant-type: authorization_code
+ scope: profile, email
+ redirect-uri: http://localhost:8080/login/oauth2/code/
+ clientId: mocklab_oidc
+ clientSecret: whatever
+ provider:
+ mocklab:
+ authorization-uri: https://oauth.mocklab.io/oauth/authorize
+ token-uri: https://oauth.mocklab.io/oauth/token
+ user-info-uri: https://oauth.mocklab.io/userinfo
+ user-name-attribute: sub
+ jwk-set-uri: https://oauth.mocklab.io/.well-known/jwks.json
\ No newline at end of file
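Review bot: `clientSecret: whatever` commits the client secret to the repository in `application.yml`. Even with a mock provider this file is the template people copy, so read the value from the environment, e.g. `client-secret: ${OAUTH_CLIENT_SECRET}` (variable name is a placeholder), and drop the commented-out `springdoc` block that repeats it. `client-authentication-method: basic` is the legacy spelling; Spring Security 6 expects `client_secret_basic`, so confirm against the version the parent POM resolves. `redirect-uri` ends at `/login/oauth2/code/` without the registration id, where the framework default is `{baseUrl}/login/oauth2/code/{registrationId}`; this is worth verifying against the redirect the provider actually sends. `clientId` and `clientSecret` should also use the same kebab-case as the neighbouring keys.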