Add description to token auth in swagger ui

qbicsoftware · Mar 26, 2024 · 62e0ec8 · 62e0ec8
1 parent 6fb2a59
commit 62e0ec8
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 7 deletions.
diff --git a/rest-api/src/main/java/life/qbic/data_download/rest/config/OpenApiConfig.java b/rest-api/src/main/java/life/qbic/data_download/rest/config/OpenApiConfig.java
@@ -6,17 +6,35 @@
 import io.swagger.v3.oas.annotations.info.Info;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.security.SecurityScheme;
+import io.swagger.v3.oas.models.Components;
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.security.SecurityScheme.In;
+import io.swagger.v3.oas.models.security.SecurityScheme.Type;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 @Configuration
 @OpenAPIDefinition(info = @Info(title = "My API", version = "v1"),
     security = @SecurityRequirement(name = "personal_access_token")) //globally set this
-@SecurityScheme(
-    type = SecuritySchemeType.APIKEY,
-    in = SecuritySchemeIn.HEADER,
-    name = "personal_access_token",
-    paramName = "Authorization"
-)
 public class OpenApiConfig {
 
+  @Bean
+  public OpenAPI customOpenAPI(
+      @Value("${server.download.token-name}") String tokenName
+  ) {
+    io.swagger.v3.oas.models.security.SecurityScheme securityScheme = new io.swagger.v3.oas.models.security.SecurityScheme()
+        .type(Type.APIKEY)
+        .in(In.HEADER)
+        .description(
+            "A personal access token (PAT) obtained through by the data manager. Please prefix your token with '"
+                + tokenName + " " + "' e.g. '" + tokenName + "  abcdefg1234'.")
+        .name("Authorization");
+    var securityComponent = new Components()
+        .addSecuritySchemes("personal_access_token", securityScheme);
+
+    return new OpenAPI()
+        .components(securityComponent);
+  }
+
 }
diff --git a/rest-api/src/main/java/life/qbic/data_download/rest/config/SecurityConfig.java b/rest-api/src/main/java/life/qbic/data_download/rest/config/SecurityConfig.java
@@ -82,12 +82,14 @@ public SecurityFilterChain apiFilterChain(HttpSecurity http,
         .authorizeHttpRequests(authorizedRequest ->
             authorizedRequest
                 .requestMatchers("/download/measurements/**")
-                .authenticated());
+                .authenticated()
+        );
 //                .access(new WebExpressionAuthorizationManager("hasPermission(//TODO)")));
 
     return http.build();
   }
 
+
   @Bean
   public WebSecurityCustomizer webSecurityCustomizer() {
     return web -> web.ignoring().requestMatchers(ignoredEndpoints);

diff --git a/rest-api/src/main/java/life/qbic/data_download/rest/exceptions/GlobalExceptionHandler.java b/rest-api/src/main/java/life/qbic/data_download/rest/exceptions/GlobalExceptionHandler.java
@@ -2,13 +2,21 @@
 
 import static org.slf4j.LoggerFactory.getLogger;
 
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
 import life.qbic.data_download.rest.exceptions.ErrorMessageTranslationService.UserFriendlyErrorMessage;
 import org.slf4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.HttpStatusCode;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseStatus;
@@ -45,6 +53,7 @@ public ResponseEntity<String> globalException(GlobalException globalException) {
         .body("%s\t%s".formatted(errorMessage.title(), errorMessage.message()));
   }
 
+
   @ExceptionHandler(value = Exception.class)
   public ResponseEntity<String> unknownException(Exception e) {
     log.error(e.getMessage(), e);