How to configure Spring Security to allow Swagger URL to be accessed without authentication

整合 Security 和 Swagger。

配置Security Swagger API 访问。

项目采用了SpringBoot 做服务端,Swagger 做API 管理,遇到了API不能访问,查找资料解决

https://stackoverflow.com/questions/37671125/how-to-configure-spring-security-to-allow-swagger-url-to-be-accessed-without-aut

在WebSecurityConfigurerAdapter 中添加Swagger访问授权。

Swagger 需要授权的路径

private static final String[] AUTH_WHITELIST = {
// -- swagger ui
"/v2/api-docs",
"/swagger-resources",
"/swagger-resources/**",
"/configuration/ui",
"/configuration/security",
"/swagger-ui.html",
"/webjars/**"
// other public endpoints of your API may be appended to this array
};


@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests()
          // 添加授权
                .antMatchers(AUTH_WHITELIST).permitAll()
                .anyRequest().authenticated()  // 所有请求需要身份认证
                .and()
                .addFilter(new JWTLoginFilter(authenticationManager()))
                .addFilter(new JWTAuthenticationFilter(authenticationManager()));
    }

 

posted on 2018-03-15 15:47  darkcode  阅读(221)  评论(0编辑  收藏  举报

Powered by: 博客园 Copyright © 2024 darkcode
Powered by .NET 8.0 on Kubernetes