Make Spring Boot / Security login-endpoint automatically visible in SwaggerUI?

[retrofreak83]

I have implemented a REST API using Spring Boot and a running OpenAPI documentation using SpringDoc.

The authentication is done without OAuth, but using Spring Secutiry and JWT/JWS. So, there is the "login"-endpoint automagically provided by Spring.

Using SecurityScheme, I enabled authentication for SwaggerUI:

        new SecurityScheme ().name (securitySchemeName)
          .type (SecurityScheme.Type.HTTP)
          .scheme ("bearer")
          .bearerFormat ("JWT")))

This works fine so far, meaning, as long as the user already has his Base64-encoded JWT at hand, he can use it to login and use SwaggerUI to issue authenticated requests.

But: to do this, he must first issue a login request "out of band", via a curl request for example, to authenticate and retrieve the JWT. is there a way to also have the login endpoint as part of the SwaggerUI automatically (i.e. in a generated way), so that it can also be used by the user to conveniently log in?

[bnasslahsen]

@retrofreak83,

Please add a minimal sample project, which reproduces your current application configuration using spring-security+JWT authentification+springdoc-openapi, so we can see what can be done for this context.

[retrofreak83]

Here it is.
The project has working SwaggerUI and one REST endpoint. You can successfully retrieve a valid JWT by authenticating against the login endpoint automagically provided by Spring:

curl -i -H "Content-Type: application/json" -X POST -d 
								'{                
                                     "username": "demouser",
                                     "password": "secret"
                                 }' http://localhost:8080/login

SwaggerUI is configured in application.properties and available here: localhost:8080/swagger/swagger-ui.html.
demo.zip

[abccbaandy]

This feature will add user/password in json body, but default spring security formLogin() use form body.

Is there any way we can support it too?

[bnasslahsen]

@abccbaandy,

This ticket is already resolved and available on the last release.

[abccbaandy]

@abccbaandy,

This ticket is already resolved and available on the last release.

How? I don't find any information about it.

[retrofreak83]

How? I don't find any information about it.

There is nothing to be documented since it is all about that the documentation is automatically enhanced by that endpoint.

Nevertheless, you can find documentation about switching that mechanism on / off here (springdoc.show-login-endpoint): https://springdoc.org/#properties

[bnasslahsen]

How? I don't find any information about it.

There is nothing to be documented since it is all about that the documentation is automatically enhanced by that endpoint.

Nevertheless, you can find documentation about switching that mechanism on / off here: https://springdoc.org/#properties

If you just have a look at the changelog:

• https://github.com/springdoc/springdoc-openapi/blob/master/CHANGELOG.md

Or simply the release notes:

• https://github.com/springdoc/springdoc-openapi/releases/tag/v1.4.5

[abccbaandy]

How? I don't find any information about it.

There is nothing to be documented since it is all about that the documentation is automatically enhanced by that endpoint.

Nevertheless, you can find documentation about switching that mechanism on / off here (springdoc.show-login-endpoint): https://springdoc.org/#properties

I know springdoc.show-login-endpoint.

But enable this config will add a fixed format(json body) for swagger-ui, which is not compatible with default spring security, because formLogin() use form body.

like I said in my first comment

[sparrowV]

@bnasslahsen Im suing version 1.5.2, but login url is not displayed at all

[bnasslahsen]

@sparrowV,

You can provide a Minimal, Reproducible Example - with HelloController, with the link to your repository that reproduces your problem.