I have this Spring configuration and OAuth2:
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
private static final String RESOURCE_ID = "resource-server-rest-api";
private static final String SECURED_READ_SCOPE = "#oauth2.hasScope('read')";
private static final String SECURED_WRITE_SCOPE = "#oauth2.hasScope('write')";
private static final String SECURED_PATTERN = "/api/**";
private static final String PUBLIC_PATTERN = "/api/*/public/**";
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESOURCE_ID);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.cors()
.and()
.anonymous()
.and()
.requestMatchers()
.antMatchers(SECURED_PATTERN)
.and().authorizeRequests()
.antMatchers(PUBLIC_PATTERN).permitAll()
.antMatchers(HttpMethod.POST, SECURED_PATTERN).access(SECURED_WRITE_SCOPE)
.anyRequest().access(SECURED_READ_SCOPE);
}
}
Now I want to add Swagger to my project. I configured a SwaggerController:
@Controller //note - this is a spring-boot controller, not @RestController
public class SwaggerController {
public static final String SWAGGER_URL = "/api/v1/public/swagger/docs";
public static final String SWAGGER_HTML = "/swagger-ui.html";
@RequestMapping(SWAGGER_URL)
public String home() {
return "redirect:" + SWAGGER_HTML;
}
}
The problem is that I cannot make the "/swagger-ui.html" path not to trigger the Spring Login. I tried this (note that I added antMatchers for the Swagger html):
@Override
public void configure(HttpSecurity http) throws Exception {
http
...
.and().authorizeRequests()
.antMatchers(PUBLIC_PATTERN).permitAll()
.antMatchers("/swagger-ui.htm").permitAll()// No authentication
... }
But it did not work. How do I need to configure the HttpSecurity?
So the swagger home page should redirect to /swagger-ui.html
?
If yes, you have a typo when configuring HttpSecurity
, which you only type htm only. So change to :
.antMatchers("/swagger-ui.html").permitAll()
On the other hand , if the swagger home page is /swagger-ui.htm
. Then you change the SWAGGER_HTML
in your controller to :
public static final String SWAGGER_HTML = "/swagger-ui.htm";
Add this override:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers(SWAGGER_URL)
.antMatchers(SWAGGER_HTML);
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.