How to ask Swagger UI to add bearer token field for each endpoint globally?

Question

Because of the issue described here I am migrating to Springdoc. And now in Swagger UI I don't have a field for bearer token for each endpoint but it is expected because those endpoints are secured.

I have the following configuration:

@Bean
public OpenAPI myAPI() {
  return new OpenAPI()
      .components(new Components()
          .addSecuritySchemes("bearer-key",
              new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("bearer").bearerFormat("JWT")))
      .info(new Info()
          .title("MY API")
          .description("Documentation of API v.1.0")
          .version("1.0")
      ).addSecurityItem(
          new SecurityRequirement().addList("bearer-jwt", Arrays.asList("read", "write")));
}

I've found workaround - marking each invidual endpoint with:

@Operation(summary = "some description", security = { @SecurityRequirement(name = "bearer-key") })

But I don't like to do this repeated work.

Is there a way to make it global for each rest endpont?

I also faced the same issue and unfortunately found no way around that. It was not that bad in our case because we had already the `@Operation` annotation there on each endpoint. — João Dias, Jan 25 '22 at 23:16
@João Dias I've found the solution https://stackoverflow.com/a/70859998/2674303 — gstackoverflow, Jan 26 '22 at 07:46

gstackoverflow · Accepted Answer · 2022-01-26T07:54:40.267

It works with small diference

when I used swagger 2 I had to provide token like

Bearer eyJhbGciOi....

but now I had to provide it like

eyJhbGciOi....

public OpenAPI myAPI() {
        return new OpenAPI()
                .components(new Components()
                        .addSecuritySchemes("bearer-key",
                                new SecurityScheme()
                                        .type(SecurityScheme.Type.HTTP)
                                        .scheme("bearer")
                                        .bearerFormat("JWT")
                        )
                )
                .info(new Info()
                        .title("My API")
                        .description("Documentation of API v.1.0")
                        .version("1.0")
                ).addSecurityItem(
                        new SecurityRequirement()
                                .addList("bearer-jwt", Arrays.asList("read", "write"))
                                .addList("bearer-key", Collections.emptyList())
                );
    }

score 1 · Answer 2 · answered Aug 29 '22 at 19:52

Use io.swagger.v3.oas.annotations.OpenAPIDefinition to define the io.swagger.v3.oas.annotations.security.SecurityRequirement globally:

import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import org.springdoc.core.customizers.OpenApiCustomiser;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
@OpenAPIDefinition(security = {@SecurityRequirement(name = "bearer-key")})
public class OpenApiConfig {

    @Bean
    public OpenApiCustomiser customerGlobalHeaderOpenApiCustomiser() {
        return openApi -> openApi.getComponents()
            .addSecuritySchemes("bearer-key",
                new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("bearer").bearerFormat("JWT"));
    }
}

How to ask Swagger UI to add bearer token field for each endpoint globally?

2 Answers2