[英]Swagger 3.0.0: Can't disable in production without SwaggerConfig and @Profile
[英]How do you disable authentication entirely for Swagger 3.0.0 using the WebFluxConfigurer?
如果我遗漏了一些重要信息,我深表歉意,因为我对这些库没有经验。 随意询问他们::)
我正在使用 Spring Boot 2.3.2.RELEASE
和 Spring Cloud Hoxton.SR6
和 Springfox 3.0.0
。 我使用的安全性是spring-boot-starter-security
。 以下是相关的pom.xml
依赖项:
pom.xml
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-boot-starter</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>${springfox.version}</version>
</dependency>
我在Application
上使用以下注释:
@EnableWebFlux
@EnableDiscoveryClient
@SpringBootApplication
这是我的SwaggerResourceProvider
的示例:
return () -> Stream.of(
swaggerResource("Commander", "/docs/commander", "1.0"),
...
swaggerResource("Querier", "/docs/querier", "3.0")
).collect(Collectors.toList());
这是我的SwaggerResource
:
private SwaggerResource swaggerResource(String name, String location, String serviceHighestVersion) {
SwaggerResource swaggerResource = new SwaggerResource();
swaggerResource.setName(name);
swaggerResource.setLocation(location);
swaggerResource.setSwaggerVersion(serviceHighestVersion);
return swaggerResource;
}
这是我的SecurityConfig
:
@EnableSwagger2
public class SecurityConfig {
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
ServerHttpSecurity http_ = http
.csrf().disable()
.cors().disable()
.httpBasic().disable();
http_
.authorizeExchange()
.pathMatchers(
"/v2/api-docs",
"/swagger-resources/**",
"/swagger-ui.html**",
"/webjars/**",
"/swagger-ui/**",
"favicon.ico"
)
.permitAll()
.anyExchange()
.permitAll();
return http_.build();
}
@Bean
public ReactiveAuthenticationManager authManager() {
return (authentication) -> {
authentication.setAuthenticated(false);
return Mono.just(authentication);
};
}
最后(我认为)是WebFluxConfigurer
:
public class SwaggerUiWebFluxConfigurer implements WebFluxConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/swagger-ui.html**")
.addResourceLocations("classpath:/META-INF/resources/");
registry.addResourceHandler("/webjars/**")
.addResourceLocations("classpath:/META-INF/resources/webjars/");
}
@Bean
public Docket restApi() {
return new Docket(DocumentationType.SWAGGER_2)
.apiInfo(apiInfo())
.genericModelSubstitutes(Optional.class)
.select()
.paths(PathSelectors.any())
.apis(RequestHandlerSelectors.any())
.build()
.useDefaultResponseMessages(false);
}
@Bean
UiConfiguration uiConfig() {
return UiConfigurationBuilder.builder()
.docExpansion(DocExpansion.LIST)
.build();
}
private ApiInfo apiInfo() {
return new ApiInfoBuilder()
.title("Workflow Services")
.description("Workflow Services API Description")
.contact(
new Contact(
"My Team",
"https://moo.com",
"hello@there.com"))
.version("1.0.0")
.build();
}
}
我 go 到 http://localhost:8080/swagger-ui 并被转发到 http://localhost:8080/login
我只想禁用 swagger 的安全性。 有什么帮助吗?
就用这个,
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/v2/api-docs",
"/configuration/ui",
"/swagger-resources/**",
"/configuration/security",
"/swagger-ui/**",
"/swagger-ui",
"/webjars/**");
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.