Given a Spring Boot application has OAUTH enabled, how can I make the swagger-ui visible?
Question
I have a Spring Boot application that uses the /oauth/token endpoint to get security tokens for RESTful api calls.
The goal is to access Swagger-UI page without having to authenticate or authorize; ie make it public. I would like the future user to be able to see the swagger-ui page, get a token, and then make RESTful API calls using that token.
But first, I am having problem allowing an unauthorized user access to the swagger-ui. I have several changes to the OAuth2SecurityConfiguration trying to allow the UI page to appear.
I would expect a swagger-ui page to appear, but instead, I get a page saying the resource is not available.
The POM of the application looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.2.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>net.esc20</groupId>
<artifactId>lms</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>test01</name>
<description>Demo integration</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.spybase</groupId>
<artifactId>sybase-webmvc</artifactId>
<version>1.0.5.RELEASE</version>
<scope>system</scope>
<systemPath> ${pom.basedir}/jar/jconn4.jar</systemPath>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>1.0.0.GA</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>4.0.2.GA</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.0.10.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.commons/commons-io -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-io</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.6</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-dbcp</artifactId>
<version>9.0.11</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Adding dependencies for Swagger -->
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-boot-starter</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>3.0.0</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
Here is the WebSecurityConfigurerAdapter
@Configuration
@EnableWebSecurity(debug = true)
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private ClientDetailsService clientDetailsService;
@Autowired
private Environment env;
@Autowired
@Qualifier("dataSource")
private DataSource dataSource;
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("xxxxxx").roles("ADMIN").and().withUser("canvas")
.password("xxxxx!").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.anonymous()
.disable()
.authorizeRequests()
.antMatchers("/oauth/token", "/v2/api-docs", "/configuration/**", "/swagger*/**", "/webjars/**")
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/", "/swagger-ui.html")
.permitAll();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
// Activates persistent token storage
@Bean
public TokenStore tokenStore() throws SQLException {
System.out.println(
"Setting token store!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
return new InMemoryTokenStore();
// System.out.println("Setting token store!!!!!: " + new
// JdbcTokenStore(dataSource()));
// return new JdbcTokenStore(dataSource);
}
@Bean
@Autowired
public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore) {
TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
handler.setTokenStore(tokenStore);
handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
handler.setClientDetailsService(clientDetailsService);
return handler;
}
@Bean
@Autowired
public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
TokenApprovalStore store = new TokenApprovalStore();
store.setTokenStore(tokenStore);
return store;
}
And here is the Swagger config file I am using ->
@Configuration
public class SwaggerConfig {
@Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.any())
.paths(PathSelectors.any())
.build();
}
private ApiInfo getApiInfo() {
return new ApiInfo(
"TITLE",
"DESCIPRION",
"VERSION",
"TERMS OF SERVICE URL",
new Contact("NAME","URL","EMAIL"),
"LICENSE",
"LICENSE URL",
null
);
}
}
When I try to access swagger ui, I get this
1 answers
solution1
0 2021-01-19 19:20:25
Try to override configure method in your OAuth2SecurityConfiguration which accept argument with WebSecurity type and do all what you need.
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers("/here-your-ignoring-path");
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How I Disabled Swagger-UI in Production in Spring Boot Project
How to fully disable swagger-ui in spring-boot?(/swagger-ui.html should return 404)
How to make api's in swagger ui authenticated in Spring Boot Application
Swagger-ui blank white screen (Spring Boot - Swagger)
How can I hide a specific method in swagger-ui?
Spring boot application, swagger-ui ApiInfo() method deprecated. Need Alternative
Spring Boot: Swagger-UI white label error
How to configure oAuth2 with password flow with Swagger ui in spring boot rest application
Spring Swagger-ui integration
Swagger-ui with Spring security
Related Tags