feat(swagger): implement swagger ui

andriawan · andriawan · commit c06a5ff73b7c · 2025-06-08T06:09:48.000Z
diff --git a/pom.xml b/pom.xml
@@ -102,6 +102,11 @@
 			<groupId>org.flywaydb</groupId>
 			<artifactId>flyway-database-postgresql</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springdoc</groupId>
+			<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+			<version>2.8.5</version>
+		</dependency>
 	</dependencies>
 
 	<build>
diff --git a/src/main/java/com/andriawan/andresource/config/Security.java b/src/main/java/com/andriawan/andresource/config/Security.java
@@ -6,13 +6,12 @@
 import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
 import com.nimbusds.jose.jwk.source.JWKSource;
 import com.nimbusds.jose.proc.SecurityContext;
-
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
-
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -42,22 +41,32 @@ public class Security {
   @Value("${auth.sample.password}")
   private String samplePassword;
 
-  private String[] publicRoute = {
-    "/api/v1/auth/login",
-    "/api/v1/auth/token/refresh"
-  };
+  private String[] publicRoute = {"/v3/api-docs/*", "/v3/api-docs", "/swagger-ui/*"};
+
+  private String loginRoute = "/api/v1/auth/login";
 
   @Bean
   public InMemoryUserDetailsManager sampleUser() {
-    UserDetails user = User.withUsername(sampeUsername)
-      .password("{noop}".concat(samplePassword)).build();
+    UserDetails user =
+        User.withUsername(sampeUsername).password("{noop}".concat(samplePassword)).build();
     return new InMemoryUserDetailsManager(user);
   }
 
   @Bean
-  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+  @Order(1)
+  public SecurityFilterChain loginFilterChain(HttpSecurity http) throws Exception {
     return http.httpBasic(Customizer.withDefaults())
-        .authorizeHttpRequests(
+        .securityMatcher(loginRoute)
+        .csrf(crsf -> crsf.disable())
+        .sessionManagement(
+            session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+        .build();
+  }
+
+  @Bean
+  @Order(2)
+  public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
+    return http.authorizeHttpRequests(
             request ->
                 request.requestMatchers(publicRoute).permitAll().anyRequest().authenticated())
         .csrf(crsf -> crsf.disable())
diff --git a/src/main/java/com/andriawan/andresource/config/Swagger.java b/src/main/java/com/andriawan/andresource/config/Swagger.java
@@ -0,0 +1,52 @@
+package com.andriawan.andresource.config;
+
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.servers.Server;
+import java.util.Map;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@SecurityScheme(
+    name = "jwt",
+    type = SecuritySchemeType.HTTP,
+    bearerFormat = "JWT",
+    scheme = "bearer")
+@SecurityScheme(name = "basicAuth", type = SecuritySchemeType.HTTP, scheme = "basic")
+public class Swagger {
+
+  @Autowired GitInfo gitInfo;
+
+  @Value("${spring.application.name}")
+  String appName;
+
+  @Value("${app.description}")
+  String appDesc;
+
+  @Value("${app.summary}")
+  String appSummary;
+
+  @Bean
+  public OpenAPI custom() {
+    Server currentServer = new Server();
+    currentServer.url("/");
+    currentServer.setDescription("current");
+    String description =
+        String.format(
+            "%s. Last Update: %s. Last commit id: %s",
+            appDesc, gitInfo.lastUpdate, gitInfo.gitCommitHash);
+    Info info =
+        new Info()
+            .version(gitInfo.getVersion())
+            .title(appName)
+            .summary(appSummary)
+            .extensions(Map.of("test", "string"))
+            .description(description);
+    return new OpenAPI().addServersItem(currentServer).info(info);
+  }
+}
diff --git a/src/main/java/com/andriawan/andresource/controller/AuthController.java b/src/main/java/com/andriawan/andresource/controller/AuthController.java
@@ -1,6 +1,7 @@
 package com.andriawan.andresource.controller;
 
 import com.andriawan.andresource.service.TokenService;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import java.util.Map;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
@@ -14,11 +15,13 @@
 public class AuthController {
   @Autowired private TokenService tokenService;
 
+  @SecurityRequirement(name = "basicAuth")
   @PostMapping("/login")
   public ResponseEntity<Map<String, String>> authenticate(Authentication authentication) {
     return ResponseEntity.ok(tokenService.generateToken(authentication));
   }
 
+  @SecurityRequirement(name = "jwt")
   @PostMapping("/token/refresh")
   public ResponseEntity<Map<String, String>> refreshToken(Authentication authentication) {
     return ResponseEntity.ok(tokenService.generateToken(authentication));
diff --git a/src/main/java/com/andriawan/andresource/controller/UserController.java b/src/main/java/com/andriawan/andresource/controller/UserController.java
@@ -2,6 +2,8 @@
 
 import com.andriawan.andresource.entity.User;
 import com.andriawan.andresource.repository.UserRepository;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import java.security.Principal;
 import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
@@ -10,12 +12,13 @@
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
+@SecurityRequirement(name = "jwt")
 @RequestMapping("/api/v1")
 public class UserController {
   @Autowired private UserRepository userRepository;
 
   @GetMapping("/users")
-  public ResponseEntity<List<User>> getAllUser() {
+  public ResponseEntity<List<User>> getAllUser(Principal principal) {
     List<User> users = userRepository.findAll();
     return ResponseEntity.ok(users);
   }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -26,3 +26,10 @@ jwt.refresh.expired.seconds=${JWT_REFRESH_EXPIRED_SECONDS:600}
 # AUTH
 auth.sample.user=${AUTH_SAMPLE_USER:admin}
 auth.sample.password=${AUTH_SAMPLE_USER:password}
+
+# APP
+app.description=${APP_DESCRIPTION:Sample Demo Apps}
+app.summary=${APP_SUMMARY:Sample Summary}
+
+# Swagger
+springdoc.swagger-ui.path=${SWAGGER_UI_PATH:}
