How to configure Spring Security to allow Swagger URL to be accessed without authentication
整合 Security 和 Swagger。
配置Security Swagger API 访问。
项目采用了SpringBoot 做服务端,Swagger 做API 管理,遇到了API不能访问,查找资料解决
https://stackoverflow.com/questions/37671125/how-to-configure-spring-security-to-allow-swagger-url-to-be-accessed-without-aut
在WebSecurityConfigurerAdapter 中添加Swagger访问授权。
Swagger 需要授权的路径
private static final String[] AUTH_WHITELIST = {
// -- swagger ui
"/v2/api-docs",
"/swagger-resources",
"/swagger-resources/**",
"/configuration/ui",
"/configuration/security",
"/swagger-ui.html",
"/webjars/**"
// other public endpoints of your API may be appended to this array
};
@Override protected void configure(HttpSecurity http) throws Exception { http.cors().and().csrf().disable() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests()
// 添加授权 .antMatchers(AUTH_WHITELIST).permitAll() .anyRequest().authenticated() // 所有请求需要身份认证 .and() .addFilter(new JWTLoginFilter(authenticationManager())) .addFilter(new JWTAuthenticationFilter(authenticationManager())); }