How To Configure HTTP Basic Authentication For Swagger 2 And Spring Boot 2
This post explains how to configure Spring Boot 2 so that Swagger 2 is accessed using HTTP Basic authentication.
Requirements
Spring Boot 2.0.4.RELEASE
Swagger 2.9.2
Create the REST controller
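import com.server.common.model.Menu;
import com.server.dataservice.service.MenuService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;

// The value passed to @RestController is only a bean name, so the URL prefix
// is declared with @RequestMapping. The endpoint is served at /menus/get-all.
@RestController
@RequestMapping("/menus")
public class MenuController
{
    @Autowired
    private MenuService menuService;

    // Returns all menus; reachable only by authenticated users (see the security configuration).
    @GetMapping("/get-all")
    public ResponseEntity<List<Menu>> getMenus() {
        return new ResponseEntity<>(menuService.getAll(), HttpStatus.OK);
    }
}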
Create the configuration class
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

@Configuration
@EnableSwagger2
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
{
    // Requires an AuthenticationEntryPoint bean defined elsewhere in the application
    // (for example a BasicAuthenticationEntryPoint); it is not shown in this post.
    @Autowired
    private AuthenticationEntryPoint authEntryPoint;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Every request, including swagger-ui.html and the API docs, requires authentication.
        // CSRF protection is disabled here; browsers resend cached Basic credentials
        // automatically, so keep it enabled if state-changing endpoints are used from a browser.
        http.csrf().disable().authorizeRequests()
                .anyRequest().authenticated()
                .and().httpBasic()
                .authenticationEntryPoint(authEntryPoint);
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // {noop} selects NoOpPasswordEncoder: the password is stored and compared in plain text.
        auth.inMemoryAuthentication().withUser("john123").password("{noop}password").roles("USER");
    }
}
The in-memory user with a plain-text ({noop}) password keeps the example simple. You could replace the in-memory authentication with anything else.
Now, start your Spring Boot 2 application and navigate to http://localhost:9030/swagger-ui.html. The port may differ.
You should be presented with a login dialog. Enter the username and password from the configuration class to gain access to the Swagger UI. Alternatively, send the request with Postman.
Notice the Authorization header! The value starts with "Basic " followed by the Base64 encoding of username:password. Base64 is an encoding, not encryption, so serve the application over HTTPS to keep the credentials from being read in transit.
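The header format described above, as an added example that is not part of the original post: a stand-alone Java class that builds the header for the in-memory user and parses it back, showing that the credentials are recovered without any key. The class and method names are assumptions made for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example; BasicAuthHeaderDemo, encode and decode are illustrative names,
// not part of Spring Security or Swagger.
public class BasicAuthHeaderDemo {

    // Client side: "Basic " + Base64(username ":" password), as defined in RFC 7617.
    static String encode(String username, String password) {
        if (username.indexOf(':') >= 0) {
            throw new IllegalArgumentException("username must not contain ':'");
        }
        byte[] raw = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Server side, or anyone able to read the request: recover the credentials.
    // Returns {username, password}, or null when the value is not valid Basic auth.
    static String[] decode(String headerValue) {
        // The scheme name is matched case-insensitively.
        if (headerValue == null || !headerValue.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        String pair;
        try {
            byte[] raw = Base64.getDecoder().decode(headerValue.substring(6).trim());
            pair = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid Base64
        }
        int colon = pair.indexOf(':'); // split on the first colon only
        if (colon < 0) {
            return null;
        }
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Credentials of the in-memory user configured in this post.
        String header = encode("john123", "password");
        System.out.println("Authorization: " + header);
        String[] creds = decode(header);
        System.out.println("user=" + creds[0] + " password=" + creds[1]);
        // Constructed edge cases: colon in the password, other scheme, invalid Base64.
        System.out.println("password=" + decode(encode("john123", "pa:ss"))[1]);
        System.out.println("Bearer rejected: " + (decode("Bearer abc") == null));
        System.out.println("Bad Base64 rejected: " + (decode("Basic !!!") == null));
    }
}
```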