I have a REST API made in Spring and I use Swagger for documentation. Token-based authentication has recently been implemented. In this case, there are (internal) user roles (permissions). Each controller is annotated with several Swagger annotations and @PreAuthorize(some roles..), as follows:
    @ApiOperation("Delete user")
    @ApiResponses(value = {
        @ApiResponse(code = 404, message = "User not found", response = ErrorResponse.class)
    })
    @PreAuthorize("hasAuthority('ADMIN')")
    @DeleteMapping(value = "/{id}")
    public ResponseEntity<?> deleteUser(@PathVariable UUID id) {
        userService.delete(id);
        return ResponseEntity.ok().build();
    }
Now I have no idea how I can display these roles in my roles, so each endpoint has information about what user role is required to access it. I surfed the internet and found only some really foggy information, most of which was not relevant to Spring at all.
    @ApiOperation(value = "Delete user", notes = "Required roles: ADMIN, USER")