imbajin commented on code in PR #2360:
URL:
https://github.com/apache/incubator-hugegraph/pull/2360#discussion_r1402954612
##########
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java:
##########
@@ -72,7 +72,8 @@ public class AuthenticationFilter implements
ContainerRequestFilter {
private static final List<String> WHITE_API_LIST = ImmutableList.of(
"auth/login",
- "versions"
+ "versions",
+ "openapi.json"
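Review bot: the new "openapi.json" entry in WHITE_API_LIST makes the full API description readable without credentials. That changes the default exposure of the server and should be stated in the PR description and the user docs; consider gating the entry behind a server option so deployments that do not want unauthenticated schema access can turn it off. The visible lines do not show how list entries are compared with the request path, so please also confirm the comparison is against the exact path and not a suffix or substring, so that only the schema document itself bypasses the filter.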
Review Comment:
We add the swagger file to the white_list by default to allow normal users to check
the API & not be locked by auth
##########
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/server/ApplicationConfig.java:
##########
@@ -44,16 +44,25 @@
import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.info.Contact;
import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
import jakarta.ws.rs.ApplicationPath;
+@SecurityScheme(
+ name = "basic",
+ type = SecuritySchemeType.HTTP,
+ scheme = "basic"
+)
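Review bot: SecurityRequirement is imported at the top of this hunk, but the lines shown end at the @SecurityScheme declaration, so its use is not visible here. Declaring the scheme only defines it; a matching requirement (name = "basic") has to be attached at the definition or resource level before the generated document marks operations as protected, so please confirm that is present below. Since the scheme is HTTP basic, a short comment or doc note that the credentials are only encoded, not encrypted, and that the API should be served over TLS would help. Minor style point: the enums import is added after info.Info, where alphabetical order would put it before the info imports.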
Review Comment:
TODO: if users need `token` mode in the future, we could add the option like
this (now we just enable basic auth)

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.