Springfox: when doing oauth2 authorization it shows 403 error

Created on 9 Nov 2017 · 1 Comment · Source: springfox/springfox

Recently I have been using the Spring Cloud framework for my job, and I use the latest version of 'springfox' for the UAA API doc.

First, I use http://127.0.0.1:8060/uaa/swagger-ui.html to access the address.

Everything looks OK. Then I click the top right "Authorize" button to authorize all the APIs.
But it jumps to a link like http://localhost:8060/uaa/oauth/authorize?response_type=code&redirect_uri=http%3A%2F%2F127.0.0.1%3A8060%2Fuaa%2Fwebjars%2Fspringfox-swagger-ui%2Fo2c.html&realm=realm&client_id=client&scope=read%2Cwrite&state=oauth2;

And an error happens:

Whitelabel Error Page

This application has no explicit mapping for /error, so you are seeing this as a fallback.

Thu Nov 09 12:41:12 CST 2017
There was an unexpected error (type=Forbidden, status=403).
Access Denied

Here's my configuration:

package cn.cloud.auth.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.OAuthBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.*;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger.web.ApiKeyVehicle;
import springfox.documentation.swagger.web.SecurityConfiguration;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;


import static com.google.common.collect.Lists.newArrayList;

/**
 * Created by Administrator on 2017/10/6.
 */

@Configuration
@EnableSwagger2
public class SwaggerConfiguration {
    @Value("${uaa.clientId}")
    String clientId;

    @Value("${uaa.clientSecret}")
    String clientSecret;

    @Value("${uaa.url}")
    String oAuthServerUri;

    @Bean
    public Docket authApi() {
        return new Docket(DocumentationType.SWAGGER_2)
                //.groupName("doc-api")
                .apiInfo(apiInfo())
                .select()
                //.paths(authPaths())
                .apis(RequestHandlerSelectors.basePackage("cn.cloud.auth.controller"))
                .paths(PathSelectors.any())
                .build()
                .securitySchemes(Collections.singletonList(oauth()))
                .securityContexts(newArrayList(securityContext()));
    }

    private ApiInfo apiInfo() {
        return new ApiInfoBuilder()
                .title("Springfox auth API")
                .description("api doc.")
                .termsOfServiceUrl("http://springfox.io")
                .contact(new Contact("zhao xiaogang", "https://github.com/androidzhaoxiaogang" , "[email protected]"))
                .license("Apache License Version 2.0")
                .licenseUrl("https://github.com/springfox/springfox/blob/master/LICENSE")
                .version("2.0")
                .build();
    }

    @Bean
    SecurityScheme oauth() {
        return new OAuthBuilder()
                .name("oauth2")
                .scopes(scopes())
                .grantTypes(grantTypes())
                .build();
    }

    List<AuthorizationScope> scopes() {
        List<AuthorizationScope> list = new ArrayList<>();
        list.add(new AuthorizationScope("read","Grants read access"));
        list.add(new AuthorizationScope("write","Grants write access"));

        return list;
    }

    List<GrantType> grantTypes() {
        List<GrantType> grantTypes = new ArrayList<>();
        TokenRequestEndpoint tokenRequestEndpoint = new TokenRequestEndpoint(oAuthServerUri +
                "/oauth/authorize", clientId, clientSecret);
        TokenEndpoint tokenEndpoint = new TokenEndpoint(oAuthServerUri + "/oauth/token", "access_token");
        grantTypes.add(new AuthorizationCodeGrant(tokenRequestEndpoint, tokenEndpoint));
        return grantTypes;
    }

    @Bean
    SecurityContext securityContext() {
        AuthorizationScope[] scopes = new AuthorizationScope[2];
        scopes[0] = new AuthorizationScope( "read", "Grants read access" );
        scopes[1] = new AuthorizationScope( "write", "Grants write access" );

        SecurityReference securityReference = SecurityReference
                .builder()
                .reference("oauth2")
                .scopes(scopes)
                .build();


        return SecurityContext
                .builder()
                .securityReferences(newArrayList(securityReference))
                .forPaths(PathSelectors.any())
                .build();
    }

    @Bean
    public SecurityConfiguration securityInfo() {
        return new SecurityConfiguration(clientId, clientSecret, "realm", clientId,
                "apiKey", ApiKeyVehicle.HEADER, "api_key", ",");
    }
}

Hope someone can give some suggestions. Thanks.

question

>All comments

You need to whitelist the swagger-ui pages using spring security.
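
One way to do the whitelisting the comment describes, as an added example that is not part of the issue, the comment, or the Springfox project. It assumes Spring Security's `WebSecurityConfigurerAdapter`, the Springfox 2.x default resource paths, that this is the application's only web security configuration, and that users sign in with a form login; the class name is hypothetical.

```java
package cn.cloud.auth.config; // assumption: same package as the question's SwaggerConfiguration

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; added example, not the project's own code.
@Configuration
public class SwaggerWhitelistSecurityConfig extends WebSecurityConfigurerAdapter {

    // Springfox 2.x documentation resources, relative to the /uaa context path.
    // The webjar entry covers the o2c.html redirect_uri seen in the failing URL
    // and is scoped to the swagger-ui webjar rather than to all of /webjars/**.
    private static final String[] SWAGGER_WHITELIST = {
            "/swagger-ui.html",
            "/webjars/springfox-swagger-ui/**",
            "/swagger-resources/**",
            "/v2/api-docs"
    };

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Only the static UI and the API description are public.
                .antMatchers(SWAGGER_WHITELIST).permitAll()
                // /oauth/authorize is deliberately not whitelisted: the
                // authorization endpoint must still see an authenticated user
                // before it issues a code. A blanket "/**" permitAll would
                // remove that check along with every other one.
                .anyRequest().authenticated()
            .and()
                // Assumption: form login is how the user authenticates when the
                // "Authorize" button sends the browser to /oauth/authorize.
                .formLogin();
    }
}
```

With this in place `/v2/api-docs` describes every documented endpoint to unauthenticated callers, so restrict or disable these paths outside development environments.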
