[英]Spring Disable Swagger-ui for production
I know how to disable swagger for production - i only need to add annotation @Profile(":prod") in configuration class:我知道如何为生产禁用 swagger - 我只需要在配置类中添加注释 @Profile(":prod") :
@Configuration
@EnableSwagger2
@RequiredArgsConstructor
@Profile("!prod")
public class SwaggerConfig {
result of adding annotation But the result is, that the swagger-ui.html still is available in browser, only its empty.添加注释的结果但是结果是,swagger-ui.html 在浏览器中仍然可用,只是它是空的。 I wonder is there solution to disable it fully, so the page will not load?我想知道有没有完全禁用它的解决方案,所以页面不会加载?
this could be simply done with spring-security by blocking the url for the production environment.这可以通过在生产环境中阻止 url 来简单地使用 spring-security 完成。 Please try:请试试:
Add dependency (if you are using spring-boot) to pom.xml:将依赖项(如果您使用的是 spring-boot)添加到 pom.xml:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
Add configuration file:添加配置文件:
@Configuration
@Profile("prod")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/**/swagger-ui.html").denyAll();
}
}
It will send 403 forbidden status.它将发送 403 禁止状态。
Okey @zpavel its good solution, thank you. Okey @zpavel 很好的解决方案,谢谢。 I just already had such spring security configuration, and when i added yours, i got error "@Order on WebSecurityConfigurers must be unique.", so i added to one class @Order(1), and to the other one @Order(2).我刚刚已经有了这样的 spring 安全配置,当我添加你的安全配置时,我收到错误“WebSecurityConfigurers 上的@Order 必须是唯一的。”,所以我添加到一个 class @Order(1) 和另一个 @Order(2 )。 Unfortunately the.antMatchers("/**/swagger-ui.html").denyAll();不幸的是.antMatchers("/**/swagger-ui.html").denyAll(); denied all request even those who were not swagger calls, i don't know why.拒绝所有请求,即使那些不是 swagger 呼叫的人,我也不知道为什么。
Hovewer i modified Your solution and it worked for me:但是我修改了您的解决方案,它对我有用:
@Value("${spring.profiles.active}")
private String activeProfile;
@Override
public void configure(HttpSecurity http) throws Exception {
if(activeProfile.equals("prod")){
http.authorizeRequests()
.antMatchers("/something").permitAll()
.antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**").denyAll()
.antMatchers("/something").permitAll()
.anyRequest().authenticated();
} else {
http.authorizeRequests()
.antMatchers("/something").permitAll()
.antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**").permitAll()
.antMatchers("/something").permitAll()
.antMatchers("/something").permitAll()
.anyRequest().authenticated();
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.