'Spring Oauth2 resource server skip swagger URL - Open API
I need help in skipping the swagger URL from security configuration. I tried every solution out there in stackoverflow. Below is my current configuration. I am getting 401 when trying to open the swagger URL
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final String[] AUTH_WHITELIST = {
"/v2/api-docs",
"/swagger-resources",
"/swagger-resources/**",
"/configuration/ui",
"/configuration/security",
"/swagger-ui.html",
"/webjars/**",
"/v3/api-docs/**",
"/swagger-ui/**", "/configuration/**", "/swagger-ui.html"
};
@Override
protected void configure(HttpSecurity http) throws Exception {
http.
cors().disable().csrf().disable().
authorizeRequests()
.antMatchers(AUTH_WHITELIST).permitAll()
.anyRequest().authenticated()
.and()
.oauth2ResourceServer()
.jwt();
}}
Below is my OpenAPI configuration
@Configuration
@OpenAPIDefinition(servers = { @Server(url = "/", description = "Default Server URL") })
public class SwaggerConfig {
@Bean
public OpenAPI customOpenAPI(@Value("${application-description") String appDesciption,
@Value("${application-version:1.0.0}") String appVersion) {
Contact contact = new Contact();
contact.setEmail("www.abc.com");
contact.setName("abc");
return new OpenAPI()
.info(new Info()
.title("ABC Cloud Application API")
.version(appVersion)
.description(appDesciption)
.contact(contact));
}
}
I am using spring-boot version 2.5.8 and open API version springdoc-openapi-ui:1.5.13
Solution 1:[1]
Try this. In tomcat we need to add WebSecurity
private static final String[] AUTH_WHITELIST = {
"help/**", "swagger**", "swagger-resources/**", "v2/**", "webjars/**"
};
@Override public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(HttpMethod.GET, AUTH_WHITELIST);
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | kvk95 |