cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CXF-7137) Allow OAuth2 customization via Swagger2Feature
Date Mon, 28 Nov 2016 11:41:58 GMT

    [ https://issues.apache.org/jira/browse/CXF-7137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15701766#comment-15701766 ]

Sergey Beryozkin edited comment on CXF-7137 at 11/28/16 11:41 AM:
------------------------------------------------------------------

I've re-read your comments and checked some resources and I think I understand how the whole
process works now, thanks. I've added a Map of SecuritySchemeDefinitions property to Swagger2Feature
to make it easier to set these definitions.

But this issue is really about ensuring Swagger UI sends correct client_id/etc to the OAuth2
authorization service.
Swagger2Feature does not ship SwaggerUI. I believe you'd need to expand swagger UI like this:

https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/jax_rs/description_swagger/pom.xml#L63

but also ship a custom index.html where you will define clientId/etc variables for swagger-oauth.js
to correctly identify them. I've just checked swagger-ui-2.1.8-M1, initOAuth is commented
out in index.html. So I think it is the only way right now - ship the custom index.html.
 

IMHO the better option is for SwaggerUI (swagger-oauth.js) to auto-enable the text fields
which will let the user enter client_id/etc if OAuth2 security scheme definition is available
to avoid customizing index.html - please consider creating a pull request against Swagger
UI. 

I honestly do not see what else we can do at the CXF level apart from the update I did to
make it easier to add the security definitions.
  


was (Author: sergey_beryozkin):
I've re-read your comments and checked some resources and I think I understand how the whole
process works now, thanks. I've added a Map of SecuritySchemeDefinitions property to Swagger2Feature
to make it easier to set these definitions.

But this issue is really about ensuring Swagger UI sends correct client_id/etc to the OAuth2
authorization service.
Swagger2Feature does not ship SwaggerUI. I believe you'd need to expand swagger UI like this:

https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/jax_rs/description_swagger/pom.xml#L63

but also ship a custom index.html where you will define clientId/etc variables for swagger-oauth.js
to correctly identify them. I've just checked swagger-ui-2.1.8-M1, initOAuth is commented
out in index.html. So I think it is the only way right - ship the custom index.html.
 

IMHO the better option is for SwaggerUI (swagger-oauth.js) to auto-enable the text fields
which will let the user enter client_id/etc if OAuth2 security scheme definition is available
to avoid customizing index.html - please consider creating a pull request against Swagger
UI. 

I honestly do not see what else we can do at the CXF level apart from the update I did to
make it easier to add the security definitions.
  

> Allow OAuth2 customization via Swagger2Feature
> ----------------------------------------------
>
>                 Key: CXF-7137
>                 URL: https://issues.apache.org/jira/browse/CXF-7137
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS
>    Affects Versions: 3.1.8
>            Reporter: Alexander K.
>            Assignee: Sergey Beryozkin
>
> It seems that there is no way to customize initOAuth() details like clientId, clientSecret,
> realm, appName, etc. for SwaggerUI-OAuth integration. This will allow Swagger-UI authorization
> for protected CXF REST services by an authorization server such as Keycloak.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
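
An added example, not part of the original message and not code from CXF or Swagger UI: the script a custom index.html could carry to pass clientId, realm and appName to initOAuth(), as the comment above describes. The helper name `buildInitOAuthOptions` and all values are constructed; it assumes the UI is registered with the authorization server as a public client, so a clientSecret is rejected rather than shipped in a page every browser can read.

```javascript
// Hypothetical helper (not a Swagger UI API): validates the options
// before they are handed to initOAuth() from swagger-oauth.js.
function buildInitOAuthOptions(cfg) {
  // Option names taken from the issue description: clientId, realm, appName.
  const required = ["clientId", "realm", "appName"];
  for (const key of required) {
    if (typeof cfg[key] !== "string" || cfg[key].trim() === "") {
      throw new Error("missing initOAuth option: " + key);
    }
  }
  // index.html is static content served to every visitor, so any value
  // placed in it is public. Assumption: the UI is a public OAuth2 client.
  if (cfg.clientSecret) {
    throw new Error("clientSecret must not be embedded in index.html");
  }
  return {
    clientId: cfg.clientId,
    realm: cfg.realm,
    appName: cfg.appName
  };
}

// Constructed sample values; replace with the client registered
// at the authorization server (for example Keycloak).
const options = buildInitOAuthOptions({
  clientId: "swagger-ui-demo",
  realm: "demo-realm",
  appName: "CXF Swagger sample"
});

// swagger-oauth.js defines the global initOAuth() in the browser.
// Outside the browser the function is absent and the call is skipped.
if (typeof initOAuth === "function") {
  initOAuth(options);
}
```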
