I have swagger plugged in to my spring boot application. Spring boot allows you to have property files for each environment that you have. Is there a way to disable swagger for a production environment?
Put your Swagger configuration into a separate configuration class and annotate it with the @Profile annotation, so that it will be scanned into the Spring context only in certain profiles.
Example:
@Configuration
@EnableSwagger2
@Profile("dev")
public class SwaggerConfig {
    // your swagger configuration
}
You can then define the profile your Spring Boot app is operating in via the command line: --spring.profiles.active=dev or via a config file: spring.profiles.active=dev.
Read this section of Spring Boot docs for more info about @Profile
If you are working on multiple environments then you can also use @Profile with an array:
@Configuration
@EnableSwagger2
@Profile({"dev","qa"})
public class SwaggerConfig {
    // your swagger configuration
}
With swagger 3.0.0 version you can add springfox.documentation.enabled=false in the corresponding environment profile's application.properties file. For example, I have added this to application-prod.properties to disable it in production (while running the app you must specify the profile using VM args like -Dspring.profiles.active=prod).
This is my configuration class:
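import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.service.Contact;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

import static springfox.documentation.builders.PathSelectors.regex;

// Loaded only when the "swagger" profile is active
@Configuration
@Profile("swagger")
@EnableSwagger2
public class SwaggerConfig {

    @Value("${info.build.version}")
    private String buildVersion;

    // Documents only the handlers mapped under /rest/
    @Bean
    public Docket documentation() {
        return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.any())
                .paths(regex("/rest/.*"))
                .build()
                .pathMapping("/")
                .apiInfo(metadata());
    }

    private ApiInfo metadata() {
        return new ApiInfoBuilder()
                .title("API documentation of our App")
                .description("Use this documentation as a reference how to interact with app's API")
                .version(buildVersion)
                .contact(new Contact("Dev-Team", "https://dev-website", "dev@mailbox"))
                .build();
    }
}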
Wherever I need Swagger, I add the profile swagger to the environment variable SPRING_PROFILES_ACTIVE.
In addition to the answers configuring Spring using a profile, consider having rules on your reverse HTTP proxy to block access to the Swagger end points from outside the LAN. That would give you some defence in depth against attacks on the Swagger end points.
For those that use code gen (which generates Swagger2SpringBoot):
Done.
Have a configuration for the environment:
@Configuration
@EnableSwagger2
@Profile("devone")
application.yaml:
profiles:
  active: ${MY_ENV:devone}
You will read MY_ENV from a file, like .env
.env file content: MY_ENV=prod
In production, keep another .env file only for production credentials.
An old question, but if you are using SpringDoc v1.2.12+:
springdoc.swagger-ui.enabled=false
springdoc.api-docs.enabled=false
From: https://github.com/springdoc/springdoc-openapi/issues/191#issuecomment-558809236
spring.profiles.active=production with @Profile("!production") worked for me to turn off swagger in prod.
Example:
@Profile("!production")
@Component
@EnableSwagger2
public class SwaggerConfig {
    //TODO
}
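A regression check for the profile-based approaches in the answers above, as an added example that is not part of any answer: it boots the application with the production profile and asserts that no Docket bean exists and that the Springfox 2 documentation endpoints return 404. Assumptions: JUnit 5 with spring-boot-starter-test, the production profile is named prod, the test class name is hypothetical, the default Springfox 2 paths /v2/api-docs and /swagger-resources are in use, and no security filter answers these paths with 401/403 first.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.ApplicationContext;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.web.servlet.MockMvc;
import springfox.documentation.spring.web.plugins.Docket;

import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Hypothetical test class; place it in the application's package tree so that
// @SpringBootTest can locate the main @SpringBootApplication class.
@SpringBootTest
@AutoConfigureMockMvc
@ActiveProfiles("prod") // assumed name of the production profile
class SwaggerDisabledInProdTest {

    @Autowired
    private MockMvc mvc;

    @Autowired
    private ApplicationContext ctx;

    // The @Profile-gated configuration class must not have been loaded,
    // so no Docket bean may exist in the production context.
    @Test
    void noDocketBeanIsRegistered() {
        assertTrue(ctx.getBeansOfType(Docket.class).isEmpty(),
                "Docket bean found while the prod profile is active");
    }

    // Without @EnableSwagger2 in the context, the endpoints that expose the
    // API description are not mapped and must answer 404.
    @Test
    void apiDocsEndpointsAreNotServed() throws Exception {
        String[] docPaths = {"/v2/api-docs", "/swagger-resources"};
        for (String path : docPaths) {
            mvc.perform(get(path)).andExpect(status().isNotFound());
        }
    }
}
```

The static swagger-ui.html page ships inside the springfox-swagger-ui jar and can still be served when the configuration class is skipped, which is why the test asserts on the documentation endpoints rather than on the UI page.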