SpringBoot整合Swagger2以及生产环境的安全问题处理

时间:2022-09-14 17:10:17

 

1.创建springboot项目

https://www.cnblogs.com/i-tao/p/8878562.html

这里我们使用多环境配置:

  • application-dev.yml(开发环境)
  • application-test.yml(测试环境)
  • application-uat.yml(预发布)
  • application-pro.yml(生产环境)

2.添加Swagger2依赖

<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.6.1</version>
</dependency>

<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.6.1</version>
</dependency>

 2.1 启动类开启Swagger2

package com.tao.springboot;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

@SpringBootApplication
@EnableSwagger2
public class SpringbootApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringbootApplication.class, args);
    }

}

2.2 Swagger2配置类

package com.tao.springboot.util;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;

@Configuration
public class Swagger2 {
    @Bean
    public Docket createRestApi() {
        return new Docket(DocumentationType.SWAGGER_2)
                .apiInfo(apiInfo())
                .select()
                .apis(RequestHandlerSelectors.basePackage("com.tao.springboot.action"))//controller路径
                .paths(PathSelectors.any())
                .build();
    }

    private ApiInfo apiInfo() {
        return new ApiInfoBuilder()
                .title("标题")
                .description("描述")
                .termsOfServiceUrl("地址")
                .version("1.0")
                .build();
    }
}

 2.3 开始在action里面写一个接口

package com.tao.springboot.action;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping(value = "/says",method = RequestMethod.GET)
public class sayHello {
/**
* 根据用户名说hello
* @param name
* @return
*/
@RequestMapping(value = "/hello",method = RequestMethod.GET)
public String hello(String name){
return name+" hello";
}
}

为了方便接口管理和维护,增加Swagger2注解:

  • @Api:修饰整个类,描述Controller的作用
  • @ApiOperation:描述一个类的一个方法,或者说一个接口
  • @ApiParam:单个参数描述
  • @ApiModel:用对象来接收参数
  • @ApiProperty:用对象接收参数时,描述对象的一个字段
  • @ApiResponse:HTTP响应其中1个描述
  • @ApiResponses:HTTP响应整体描述
  • @ApiIgnore:使用该注解忽略这个API
  • @ApiError :发生错误返回的信息
  • @ApiImplicitParam:一个请求参数
  • @ApiImplicitParams:多个请求参数

 

package com.tao.springboot.action;

import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiOperation;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping(value = "/says",method = RequestMethod.GET)
public class sayHello {
    /**
     * 根据用户名说hello
     * @param name
     * @return
     */
    @ApiOperation(value="say hello", notes="根据url的name来say hello!")
    @ApiImplicitParam(name = "name", value = "用户名称", required = true, dataType = "String", paramType = "path")
    @RequestMapping(value = "/hello",method = RequestMethod.GET)
    public String hello(String name){
        return name+" hello";
    }
}

访问:http://localhost:8081/swagger-ui.html

SpringBoot整合Swagger2以及生产环境的安全问题处理

3.如果解决线上接口不被暴露?

 3.1 使用springboot security过滤

略……

 3.2 生产环境移除Swagger2

略……

 3.3 直接使用多环境配置,生产环境不启用Swagger2

application.yml文件
spring:
profiles:
active: pro

application-pro.yml

#生产环境
server:
  port: 8080

swagger2:
  enable: false

2.2 Swagger2配置类增加

@Value("${swagger2.enable}")
    private boolean swagger2Enable;
package com.tao.springboot.util;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;

@Configuration
public class Swagger2 {
    @Value("${swagger2.enable}")
    private boolean swagger2Enable;

    @Bean
    public Docket createRestApi() {
        return new Docket(DocumentationType.SWAGGER_2)
                .enable(swagger2Enable)
                .apiInfo(apiInfo())
                .select()
                .apis(RequestHandlerSelectors.basePackage("com.tao.springboot.action"))//controller路径
                .paths(PathSelectors.any())
                .build();
    }

    private ApiInfo apiInfo() {
        return new ApiInfoBuilder()
                .title("标题")
                .description("描述")
                .termsOfServiceUrl("地址")
                .version("1.0")
                .build();
    }
}

 

访问:http://localhost:8081/swagger-ui.html

SpringBoot整合Swagger2以及生产环境的安全问题处理

 

访问:http://localhost:8080/swagger-ui.html

SpringBoot整合Swagger2以及生产环境的安全问题处理

 github地址:https://github.com/80905949/springbootswagger2.git