
Springfox 3 OpenAPI 3 does not send authorization header with request


I run the following configuration to enable basic authentication for my (non-Spring Boot) project:

@Configuration
@EnableOpenApi
@EnableWebMvc
public class SpringFoxConfig implements WebMvcConfigurer {

    @Bean
    public Docket api() {
        return new Docket(DocumentationType.OAS_30)
                .select()
                .apis(RequestHandlerSelectors.withClassAnnotation(PublicAPI.class))
                .paths(PathSelectors.any())
                .build()
                .securityContexts(Arrays.asList(securityContext()))
                .securitySchemes(Arrays.asList(securityScheme()));
    }

    private SecurityScheme securityScheme() {
        return new HttpAuthenticationBuilder()
                .name("basic")
                .scheme("basic")
                .build();
    }

    private SecurityContext securityContext() {
        return SecurityContext
                .builder()
                .securityReferences(securityReferences())
                .operationSelector(operationContext -> true)
                .build();
    }

    private List<SecurityReference> securityReferences() {
        return singletonList(new SecurityReference("Authorization", new AuthorizationScope[] {new AuthorizationScope("global", "global")}));
    }
}

This allows me to authorize my requests, but when testing the call, the authorization header isn't built or sent with the request:

curl -X GET "https://localhost:8443/foo/rest/ws/info/get-master/code/awd" -H "accept: application/json"

Solution

  • The security reference name was different from the one defined in the securityScheme:

    private SecurityScheme securityScheme() {
        return new HttpAuthenticationBuilder()
                .name("basic")
                .scheme("basic")
                .build();
    }
    
    private SecurityContext securityContext() {
        return SecurityContext.builder()
                .securityReferences(defaultAuth())
                .forPaths(PathSelectors.any())
                .build();
    }
    
    private List<SecurityReference> defaultAuth() {
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
        authorizationScopes[0] = new AuthorizationScope("global", "accessEverything");
        return singletonList(new SecurityReference("basic", authorizationScopes));
    }
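
The name mismatch described in this answer can be caught from the generated OpenAPI document itself. The following is an added example, not code from the original post or from Springfox: a Python check that lists security requirements naming a scheme that is absent from components.securitySchemes. The sample document, its paths and the function name dangling_security_refs are constructed for illustration.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample: an OpenAPI 3 document that mirrors the mismatch in the
# question (scheme defined as "basic", one requirement named "Authorization").
SAMPLE_DOC = json.loads("""
{
  "openapi": "3.0.3",
  "paths": {
    "/info/get-master/code/{code}": {
      "get": {"security": [{"Authorization": ["global"]}]}
    },
    "/info/ping": {
      "get": {"security": [{"basic": ["global"]}]}
    }
  },
  "components": {
    "securitySchemes": {"basic": {"type": "http", "scheme": "basic"}}
  }
}
""")


def dangling_security_refs(doc):
    """Return sorted (location, name) pairs for security requirements that
    name a scheme missing from components.securitySchemes."""
    defined = set(doc.get("components", {}).get("securitySchemes", {}))
    findings = []

    def check(location, requirements):
        # Each requirement object maps scheme name -> list of scopes.
        for requirement in requirements or []:
            for name in requirement:
                if name not in defined:
                    findings.append((location, name))

    check("<document>", doc.get("security"))  # document-wide default
    for path, item in doc.get("paths", {}).items():
        for method, operation in item.items():
            if method in HTTP_METHODS and isinstance(operation, dict):
                check(f"{method.upper()} {path}", operation.get("security"))
    return sorted(findings)


if __name__ == "__main__":
    for location, name in dangling_security_refs(SAMPLE_DOC):
        print(f"{location}: security requirement '{name}' has no matching scheme")
```

Run against the JSON served by the API documentation endpoint in a build or integration test, an empty result means every requirement resolves to a defined scheme.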