[NETCONF-990] Explore swagger authentication feature Created: 12/Apr/23  Updated: 22/Jun/23  Resolved: 19/Apr/23

Status: Resolved
Project: netconf
Component/s: restconf-openapi
Affects Version/s: None
Fix Version/s: 5.0.5

Type: New Feature Priority: Medium
Reporter: Ivan Hrasko Assignee: Ivan Hrasko
Resolution: Done Votes: 0
Labels: pt
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to NETCONF-1064 OpenApi: Test authentication feature Resolved

 Description   

We can explore the Swagger authentication feature according to https://swagger.io/docs/specification/authentication/. This way we could make our Swagger UI show the Authorize button, as seen at https://petstore3.swagger.io/.

We hope that in the future we can make our Swagger UI available for browsing without requiring credentials, with credentials attached only when the user wants to try some requests.



 Comments   
Comment by Ivan Hrasko [ 18/Apr/23 ]

We were able to apply a security tag to every example shown by Swagger UI (both the OpenAPI2 and OpenAPI3 versions). It makes the Authorize button visible and offers the basicAuth option. When the user authorizes, every request sent using Swagger UI contains an Authorization header with basic auth.

By default, when the (default ODL) basic Shiro filter is used to secure both Swagger UI and the RESTCONF interface, the user does not need to be authorized because a session cookie is in place. But in a situation when other filters are configured (ODL allows registering additional filters) and the basic Shiro filter is turned off, it allows providing an Authorization header in the request, as potentially required by that 3rd-party filter.

This is especially useful when the 3rd-party filter does not provide a login page in case of missing credentials (the basic Shiro filter prompts for credentials by default). In this case, using the Authorize button is the only way to authorize requests; otherwise they will get a 401.

For now we have implemented basicAuth. Later we can add other methods as defined in https://swagger.io/docs/specification/authentication/ as well.
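
A check for the outcome described in the comment above, as an added example that is not part of the original issue or the project's code: it walks an OpenAPI 2 or 3 document and lists the operations whose effective `security` does not require a declared HTTP Basic scheme. The sample documents, paths and the misspelled scheme reference are constructed; the scheme name `basicAuth` follows the comment.

```python
"""Audit an OpenAPI 2/3 document: every operation must require a declared basic-auth scheme."""

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}


def declared_basic_schemes(doc):
    """Return the names of schemes declared as HTTP Basic, for either spec version."""
    if "openapi" in doc:  # OpenAPI 3.x: components.securitySchemes, type http + scheme basic
        schemes = doc.get("components", {}).get("securitySchemes", {})
        return {n for n, s in schemes.items()
                if s.get("type") == "http" and s.get("scheme", "").lower() == "basic"}
    # Swagger/OpenAPI 2.0: securityDefinitions, type basic
    schemes = doc.get("securityDefinitions", {})
    return {n for n, s in schemes.items() if s.get("type") == "basic"}


def unprotected_operations(doc):
    """List 'METHOD path' entries whose effective security does not require basic auth."""
    basic = declared_basic_schemes(doc)
    findings = []
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:  # skip 'parameters', 'summary', ...
                continue
            # Operation-level 'security' overrides the top-level list; [] switches it off.
            effective = op.get("security", doc.get("security", []))
            # Entries are alternatives: an empty {} allows anonymous access, and a
            # name that is not a declared basic scheme cannot be satisfied as intended.
            if not effective or not all(req and set(req) <= basic for req in effective):
                findings.append(f"{method.upper()} {path}")
    return sorted(findings)


# Constructed sample documents (not taken from the project).
V3_DOC = {
    "openapi": "3.0.3",
    "components": {"securitySchemes": {"basicAuth": {"type": "http", "scheme": "basic"}}},
    "security": [{"basicAuth": []}],
    "paths": {"/items": {"get": {}, "post": {"security": []}},
              "/ops": {"get": {"security": [{"basicAuth": []}]}}},
}
V2_DOC = {
    "swagger": "2.0",
    "securityDefinitions": {"basicAuth": {"type": "basic"}},
    "paths": {"/items": {"get": {"security": [{"basicAuth": []}]},
                         "put": {"security": [{"basic": []}]}}},  # undeclared name
}

if __name__ == "__main__":
    print(unprotected_operations(V3_DOC), unprotected_operations(V2_DOC))
```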
