Swagger and Spring Security


If your project uses Spring Security and you have added Swagger to it, a little additional configuration is needed to make the /v2/api-docs and swagger-ui.html pages work.

Enable Swagger URLs in Spring Security Project

To enable Swagger URLs in a RESTful Web Services project built with Spring Boot and Spring Security, add the following configuration to the Java class which extends WebSecurityConfigurerAdapter and is annotated with the @EnableWebSecurity annotation.

    .antMatchers("/v2/api-docs", "/configuration/**", "/swagger*/**", "/webjars/**")
    .permitAll()
    .anyRequest().authenticated()

Below is an example of my WebSecurity Java class with the configuration needed to enable Swagger URLs.

    package com.appsdeveloperblog.app.ws.security;

    import com.appsdeveloperblog.app.ws.service.UserService;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.http.SessionCreationPolicy;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

    // SecurityConstants, AuthenticationFilter and AuthorizationFilter are classes
    // in this same package (not shown here).
    @EnableWebSecurity
    public class WebSecurity extends WebSecurityConfigurerAdapter {

        private final UserService userDetailsService;
        private final BCryptPasswordEncoder bCryptPasswordEncoder;

        public WebSecurity(UserService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
            this.userDetailsService = userDetailsService;
            this.bCryptPasswordEncoder = bCryptPasswordEncoder;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // CSRF protection is switched off; sessions are stateless (see below).
            http.csrf().disable()
                .authorizeRequests()
                // Sign-up stays open to unauthenticated callers.
                .antMatchers(HttpMethod.POST, SecurityConstants.SIGN_UP_URL)
                .permitAll()
                // Swagger: the API docs JSON, the UI page and its static resources.
                .antMatchers("/v2/api-docs", "/configuration/**", "/swagger*/**", "/webjars/**")
                .permitAll()
                // Every other request must be authenticated.
                .anyRequest().authenticated().and()
                .addFilter(new AuthenticationFilter(authenticationManager()))
                .addFilter(new AuthorizationFilter(authenticationManager()))
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

            // Removes the X-Frame-Options response header for the whole application.
            http.headers().frameOptions().disable();
        }

        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
        }
    }

Once you add the above-mentioned antMatchers to your WebSecurity Java class, the /v2/api-docs and swagger-ui.html pages should start working. When opening these URLs, do not forget to include the context path configured in your application.properties file. For example, if your application.properties file has the following entries:

server.servlet.context-path=/mobile-app-ws
server.port=8888

then you will need to open the /v2/api-docs or the swagger-ui.html pages this way:

http://localhost:8888/mobile-app-ws/swagger-ui.html

and

http://localhost:8888/mobile-app-ws/v2/api-docs
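
A check for the configuration above, as an added example that is not code from the original tutorial: a Spring Boot test that requests the two Swagger URLs without credentials and confirms that paths outside the matchers are still rejected. It assumes JUnit 5 with spring-boot-starter-test on the classpath; the class name SwaggerUrlAccessTest and the paths /users, /v2/internal and /api-docs are hypothetical.

```java
package com.appsdeveloperblog.app.ws.security;

import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

// Added example (hypothetical class name); loads the full application context,
// so the WebSecurity configuration and its filters are in effect.
@SpringBootTest
@AutoConfigureMockMvc
class SwaggerUrlAccessTest {

    @Autowired
    private MockMvc mvc;

    // MockMvc paths are relative to the context path, so /mobile-app-ws is omitted.
    @ParameterizedTest
    @ValueSource(strings = {"/v2/api-docs", "/swagger-ui.html"})
    void swaggerUrlsAreServedWithoutCredentials(String url) throws Exception {
        mvc.perform(get(url)).andExpect(status().isOk());
    }

    // Constructed sample paths that none of the permitAll() patterns match.
    @ParameterizedTest
    @ValueSource(strings = {"/users", "/v2/internal", "/api-docs"})
    void otherPathsStillRequireAuthentication(String url) throws Exception {
        int code = mvc.perform(get(url)).andReturn().getResponse().getStatus();
        // Rejected by the security filter chain before any controller is reached.
        assertTrue(code == 401 || code == 403, url + " returned " + code);
    }
}
```

The patterns /swagger*/** and /configuration/** are wildcards, so a controller mapped under either prefix would also be served without authentication.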

If you are unsure about other details of adding Swagger to your Spring Boot application, have a look at my other tutorial, "How to Add Swagger to a Spring Boot REST API Project".
