Getting Swagger to provide user and password for authentification to my Tomcat application

Question

I have a Java application that I deploy on Tomcat (which itself is in a Docker container). The Tomcat requires authentification, asking for user and a passwort. User and password are written into tomcat/tomcat-users.xml and into web.xml with

<security-constraint>
    <web-resource-collection>
        <web-resource-name>RESTful Application Service</web-resource-name>
        <url-pattern>/rest/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>restservice</role-name>
    </auth-constraint>
</security-constraint>

This all works as planned.

The application is swaggerized and I would like to use swagger-ui (https://github.com/swagger-api/swagger-ui) to connect with it. This however does not work. I get

$ curl -I "http://localhost:8080/my-rest-service/rest/swagger.json"
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: XXXXXXXX
WWW-Authenticate: Basic realm="RESTful Application Service"
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 951
Date: XXXXXXXX

It does work if I disable the password protection by commenting the security-constraint mentioned above in the web.xml.

What can I do to get swagger to provide a user and a password to my Tomcat / Tomcat application?

From Saúl Martínez Vidals:

In dist/index.html I have to manipulate the part

  function addApiKeyAuthorization(){
    var key = encodeURIComponent($('#input_apiKey')[0].value);
    if(key && key.trim() != "") {
        var apiKeyAuth = new SwaggerClient.ApiKeyAuthorization("api_key", key, "query");
        window.swaggerUi.api.clientAuthorizations.add("api_key", apiKeyAuth);
        log("added key " + key);
    }
  }

but how exactly?

From Adding Basic Authorization for Swagger-UI I thought it might be

  function addApiKeyAuthorization(){
    var key = encodeURIComponent($('#input_apiKey')[0].value);
    if(key && key.trim() != "") {
        var apiKeyAuth = new SwaggerClient.ApiKeyAuthorization("api_key", key, "query");
        window.swaggerUi.api.clientAuthorizations.add("api_key", apiKeyAuth);
        swaggerUi.api.clientAuthorizations.add("api_key", new SwaggerClient.ApiKeyAuthorization("Authorization", "Basic YWRtaW46dG9tY2F0=", "header"));
        log("added key " + key);
    }
  }

where YWRtaW46dG9tY2F0 is from https://webnet77.net/cgi-bin/helpers/base-64.pl but this did not help.

Saúl Martínez Vidals · Answer 1 · 2019-05-30T17:59:02.933

0

You have to modify your index file (dist/index.html) , and edit the JS code to use Custom Headers Parameters (it use to exists in 2.x API)

something like:

edited May 30 '19 at 17:59

answered Jul 28 '15 at 19:49

Saúl Martínez Vidals

598
3
15

1

Something like...? You forgot to write the vital information down ;-). – Make42 Jul 28 '15 at 19:55
I was about to paste the same code that the link has – Saúl Martínez Vidals Jul 28 '15 at 20:47
What do I write instead of XXXX and where do I write username and password down? – Make42 Jul 29 '15 at 10:31
Can't find anything related to `Custom Headers Parameters`. – Shihe Zhang Sep 03 '18 at 03:35
@ShiheZhang, it was part of the `2.x` API, I'll update my answer. – Saúl Martínez Vidals May 30 '19 at 17:57

Getting Swagger to provide user and password for authentification to my Tomcat application

1 Answers1