Springboot, CXF 3.2.7, Swagger2Feature: Authorization header does not appear in the request headers

Question

I'm trying to integrate Swagger 2 into my API, which is implemented with CXF newest version: 3.2.7.

I tried lots of tutorials, the CXF official documentation, others too (e.g. Spring Boot, Apache CXF, Swagger under JAX-RS). The swagger official website does not help for me. The swagger OpenAPI 2.0 authentication doc is not working, neighter the OpenAPI 3.0.

It is not working with component schemes of Open API 3.0.0, so i stayed with the apiKeyDefinition.

The one, which is working now can be found in this thread, in the answer of @Naoj: CXF Swagger2Feature adding securityDefinitions

With this solution the swagger ui appeared and also the Autorize button is showing.

I fill the authentication form, and after that, I try to send requests with the swagger-ui. The problem is, that the Authorization header does not appear in the request, so I got 401 response.

---

In the pom:

<dependency>    
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-rt-rs-service-description-swagger</artifactId>
    <version>3.2.7</version>
</dependency>
<dependency>
    <groupId>org.webjars</groupId>
    <artifactId>swagger-ui</artifactId>
    <version>3.20.1</version>
</dependency>

My swagger configuration looks like this:

@Configuration
public class SwaggerConfig {

    @Bean
    @ConfigurationProperties("swagger")
    public Swagger2Feature swagger() {
        return new ExtendedSwagger2Feature();
    }

    @Bean
    @DependsOn("jaxRsServer")
    public ServletContextInitializer initializer() {
        return servletContext -> {
            BeanConfig scanner = (BeanConfig) ScannerFactory.getScanner();
            Swagger swagger = scanner.getSwagger();
            servletContext.setAttribute("swagger", swagger);
        };
    }
}

The extended swagger feature is the following:

@Provider(value = Provider.Type.Feature, scope = Provider.Scope.Server)
public class ExtendedSwagger2Feature extends Swagger2Feature {

    @Override
    protected void addSwaggerResource(Server server, Bus bus) {
        super.addSwaggerResource(server, bus);

        BeanConfig config = (BeanConfig) ScannerFactory.getScanner();
        Swagger swagger = config.getSwagger();
        swagger.securityDefinition("Bearer", new ApiKeyAuthDefinition("authorization", In.HEADER));
    }
}

I try to configure Bearer JWT token based authentication. My application.yml contains the following:

swagger:
   basePath: /rest
   title: Backend Application
   description: Swagger documentation of Backend Application REST services
   license:
   licenceUrl:
   contact:
   resourcePackage: my.resource.package
   scan: true
   apiKeyAuthDefinition:
     name: Authorization
     in: header
     type: http

I import the SwaggerConfig into my @SpringBootApplication class like this:

@Import(SwaggerConfig.class)

It is working, as i see, swagger appeared and the title and description field is filled with the properties of my yml.

What am I missing? Any suggestions would be appretiated. Thanks in advance.

Answer 1

You can simplify your code and remove ExtendedSwagger2Feature and the initializer(). Modify your swagger() method as follows and the output will be the same:

@Bean
@ConfigurationProperties("swagger")
public Swagger2Feature swagger() {
    Swagger2Feature swagger2Feature = new Swagger2Feature();
    swagger2Feature.setSecurityDefinitions(Collections.singletonMap("bearerAuth",
            new ApiKeyAuthDefinition("Authorization", In.HEADER)));
    return swagger2Feature;
}

The reason for the token not being added to your request, is that securityDefinitions is just a declaration for the available schemes. You need to apply it to the operation by adding (to your TestResource interface):

@Api( authorizations = @Authorization( value = "bearerAuth" ))

You will notice a lock icon next to the operation in Swagger UI. Currently it's not there.

Btw. you should use the newer OpenApiFeature instead of the old Swagger2Feature. Happy to answer questions, if you have problems with it.