您好,登录后才能下订单哦!
密码登录
登录注册
点击 登录注册 即表示同意《亿速云用户服务条款》
# SpringBoot如何整合OpenApi
## 目录
1. [OpenAPI与Swagger简介](#1-openapi与swagger简介)
2. [SpringBoot集成OpenAPI的三种方式](#2-springboot集成openapi的三种方式)
3. [基于SpringDoc的完整整合方案](#3-基于springdoc的完整整合方案)
4. [OpenAPI规范的高级配置](#4-openapi规范的高级配置)
5. [接口安全与权限控制](#5-接口安全与权限控制)
6. [生产环境最佳实践](#6-生产环境最佳实践)
7. [常见问题解决方案](#7-常见问题解决方案)
---
## 1. OpenAPI与Swagger简介
### 1.1 什么是OpenAPI规范
OpenAPI规范(前身Swagger规范)是RESTful API设计的行业标准,通过YAML或JSON格式描述API的:
- 端点(Endpoints)
- 操作(HTTP方法)
- 参数(查询/路径/请求体)
- 返回格式
- 认证方式
```yaml
# 示例:OpenAPI 3.0定义
openapi: 3.0.3
info:
title: 用户服务API
version: 1.0.0
paths:
/users:
get:
summary: 获取用户列表
responses:
'200':
description: 成功返回用户数组
自SpringFox 3.0停止维护后,主流方案迁移至: - SpringDoc OpenAPI(推荐) - Swagger Core原生集成
| 方案 | 优点 | 缺点 |
|---|---|---|
| SpringFox | 历史项目兼容性好 | 已停止维护 |
| SpringDoc | 活跃维护,支持OpenAPI 3.1 | 需要JDK11+ |
| 手动编写YAML | 完全控制规范内容 | 维护成本高 |
<!-- pom.xml示例 -->
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
<version>2.5.0</version>
</dependency>
SpringDoc通过扫描以下Spring注解自动构建OpenAPI模型:
- @RestController
- @RequestMapping
- @Operation(Swagger注解)
- @Parameter
@Configuration
@OpenAPIDefinition(
info = @Info(
title = "电商平台API",
version = "v1.0",
contact = @Contact(name = "Dev Team", email = "dev@example.com")
)
)
public class OpenApiConfig {
@Bean
public OpenAPI customOpenAPI() {
return new OpenAPI()
.components(new Components()
.addSecuritySchemes("bearerAuth",
new SecurityScheme()
.type(SecurityScheme.Type.HTTP)
.scheme("bearer")
.bearerFormat("JWT")))
.addSecurityItem(
new SecurityRequirement().addList("bearerAuth"));
}
}
@RestController
@RequestMapping("/api/products")
@Tag(name = "商品管理", description = "商品CRUD操作")
public class ProductController {
@Operation(summary = "获取商品详情",
parameters = @Parameter(name = "id", description = "商品ID"))
@ApiResponse(responseCode = "404", description = "商品不存在")
@GetMapping("/{id}")
public Product getProduct(@PathVariable Long id) {
// 实现逻辑
}
}
@Schema(description = "商品数据模型")
public class Product {
@Schema(description = "商品唯一ID", example = "1001")
private Long id;
@Schema(description = "商品名称", requiredMode = REQUIRED)
private String name;
}
@Bean
@GroupedOpenApi
public GroupedOpenApi adminApi() {
return GroupedOpenApi.builder()
.group("admin")
.pathsToMatch("/admin/**")
.build();
}
@Operation(responses = {
@ApiResponse(
responseCode = "200",
content = @Content(
mediaType = "application/json",
examples = @ExampleObject(
value = "{\"code\":200,\"data\":{\"name\":\"示例商品\"}}"
)
)
)
})
# application-prod.yml
springdoc:
swagger-ui:
enabled: false
api-docs:
enabled: false
.securitySchemes(List.of(
new SecurityScheme()
.name("Authorization")
.type(HTTP)
.scheme("bearer")
.bearerFormat("JWT")
))
@Hidden // 隐藏接口
@PreAuthorize("hasRole('ADMIN')")
public void deleteProduct() {}
springdoc.cache.disabled=falsespringdoc.packagesToScan=com.example.api@Bean
public OpenApiCustomiser addSecurityHeaders() {
return openApi -> openApi.getPaths().values()
.forEach(pathItem -> pathItem.readOperations()
.forEach(operation ->
operation.addParametersItem(new HeaderParameter()
.required(false)
.name("X-Request-ID"))));
}
springdoc:
cors:
enabled: true
paths: /**
@Schema(type = "string", allowableValues = {"A","B","C"})
private StatusEnum status;
@Operation(requestBody = @RequestBody(
content = @Content(mediaType = "multipart/form-data",
schema = @Schema(type = "object"),
encoding = @Encoding(name = "file", contentType = "application/octet-stream"))
)
最佳实践总结:建议采用SpringDoc作为主要集成方案,配合注解驱动开发,同时通过
@Profile控制生产环境文档暴露。完整示例代码可参考GitHub示例仓库 “`
(注:此为精简版框架,完整5100字版本需扩展每个章节的详细实现步骤、原理图解、性能对比数据等内容)
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。