0

I am using Spring Boot 2.5.4 with Swagger 3. I have added one Global Request Parameter as type header and required=true in Swagger Config file . Swagger UI is correctly showing the required request header in all APIs but the problem is that it's allowing requests to be sent when the value is empty for required request header. In Swagger 2 , UI used to disable sending request until the value was filled.

Any suggestions.

@Bean
    public Docket api() {

        RequestParameterBuilder aParameterBuilder = new RequestParameterBuilder();
        aParameterBuilder.name("x-remote-user").description("Remote User").in(ParameterType.HEADER).required(true)
                .build();

        List<RequestParameter> aParameters = new ArrayList<>();
        aParameters.add(aParameterBuilder.build());
        return new Docket(DocumentationType.SWAGGER_2).apiInfo(apiInfo())
                .securityContexts(Arrays.asList(securityContext())).securitySchemes(Arrays.asList(apiKey())).select()
                .apis(RequestHandlerSelectors.basePackage("com.xxx.controller"))
                .paths(PathSelectors.ant("/api/**")).build().globalRequestParameters(aParameters);
    }
Ladu anand
  • 646
  • 2
  • 8
  • 30

2 Answers2

1

I found out the solution . Posting it here if someone else is looking for it .

If we disallow empty values , then swagger UI starts blocking us from Executing API if header value is kept empty.

@Bean
    public Docket api() {

        return new Docket(DocumentationType.SWAGGER_2).apiInfo(apiInfo())
                .securityContexts(Arrays.asList(securityContext())).securitySchemes(Arrays.asList(apiKey())).select()
                .apis(RequestHandlerSelectors.basePackage("com.xxx.controller"))
                .paths(PathSelectors.ant("/api/**")).build()
                .globalRequestParameters(Arrays.asList(new RequestParameterBuilder().name("x-remote-user")
                        .description("Remote User").in(ParameterType.HEADER).required(true)
                        .query(simpleParameterSpecificationBuilder -> simpleParameterSpecificationBuilder
                                .allowEmptyValue(false).model(modelSpecificationBuilder -> modelSpecificationBuilder
                                        .scalarModel(ScalarType.STRING)))
                        .build()));
    }
Ladu anand
  • 646
  • 2
  • 8
  • 30
0

it maybe help you

    private SecurityContext securityContext() {
        return SecurityContext.builder()
                .securityReferences(defaultAuth())
                .operationSelector(this::selector)
                .build();
    }
    boolean selector(OperationContext operationContext) {
        String url = operationContext.requestMappingPattern();
        // filter url
        return true;
    }

    private List<SecurityReference> defaultAuth() {
        AuthorizationScope authorizationScope = new AuthorizationScope("global", "Authorization header");
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
        authorizationScopes[0] = authorizationScope;
        return Collections.singletonList(new SecurityReference("Authorization", authorizationScopes));
    }

    private List<SecurityScheme> securitySchemeList(){
        ApiKey apiKey = new ApiKey("Authorization", "Authorization token", "header");
        return Collections.singletonList(apiKey);
    }

    private List<RequestParameter> globalRequestParameters() {
        RequestParameterBuilder parameterBuilder = new RequestParameterBuilder()
                .in(ParameterType.HEADER)
                .name("Authorization")
                .required(true)
                .query(param -> param.model(model -> model.scalarModel(ScalarType.STRING)));
        return Collections.singletonList(parameterBuilder.build());
    }

    @Bean
    public Docket authorization() {
        return new Docket(DocumentationType.OAS_30)
                .apiInfo(apiInfo())
                .securityContexts(Collections.singletonList(securityContext()))
                .securitySchemes(securitySchemeList())
                .globalRequestParameters(globalRequestParameters())
                .select()
                .paths(PathSelectors.regex("^(?!/error).*"))
                .build()
        ;
    }
Junisyoan
  • 26
  • 3