
spring-mvc之如何配置 Spring Security 以允许无需身份验证即可访问 Swagger URL

2024年02月27日28yxwkf

我的项目有 Spring Security。 主要问题:无法访问 swagger URL http://localhost:8080/api/v2/api-docs 。它显示缺少或无效的授权 header 。

[Screenshot of the browser window]

我的 pom.xml 有以下条目：

<!-- Springfox core: builds the Swagger 2 description of the API (the /v2/api-docs document requested in the question). -->
<dependency> 
    <groupId>io.springfox</groupId> 
    <artifactId>springfox-swagger2</artifactId> 
    <version>2.4.0</version> 
</dependency> 
 
<!-- Springfox UI: provides swagger-ui.html and its /webjars/** assets, which AppConfig serves from classpath:/META-INF/resources/. -->
<dependency> 
    <groupId>io.springfox</groupId> 
    <artifactId>springfox-swagger-ui</artifactId> 
    <version>2.4.0</version> 
</dependency> 

Swagger配置:

@Configuration 
@EnableSwagger2 
public class SwaggerConfig { 
 
/**
 * Registers the Springfox {@link Docket} that drives Swagger 2 document generation.
 *
 * <p>Both selectors are {@code any()}, so no handler and no path is filtered out of the
 * generated document: whoever can fetch the API description sees every mapped endpoint.
 * NOTE(review): that presumably includes framework-provided handlers as well as the
 * application's own controllers; confirm, and narrow the selectors if the document is
 * going to be served without authentication.
 *
 * @return the configured docket, carrying the metadata from {@code apiInfo()}
 */
@Bean
public Docket api() {
    final Docket swaggerDocket = new Docket(DocumentationType.SWAGGER_2);
    return swaggerDocket
            .select()
            .apis(RequestHandlerSelectors.any())
            .paths(PathSelectors.any())
            .build()
            .apiInfo(apiInfo());
}
 
/**
 * Supplies the descriptive metadata attached to the generated API documentation.
 *
 * @return an {@code ApiInfo} built from seven positional string arguments
 */
private ApiInfo apiInfo() {
    // NOTE(review): the arguments are positional and every value here is sample text.
    // "API TOS" and "Terms of service" look swapped relative to the other labels;
    // confirm the order against the ApiInfo constructor of the Springfox version in use.
    return new ApiInfo(
            "My REST API",
            "Some custom description of API.",
            "API TOS",
            "Terms of service",
            "myeaddress@company.com",
            "License of API",
            "API license URL");
}

应用程序配置:

@Configuration 
@EnableWebMvc 
@ComponentScan(basePackages = { "com.musigma.esp2" }) 
@Import(SwaggerConfig.class) 
public class AppConfig extends WebMvcConfigurerAdapter { 
 
// ========= Overrides =========== 
 
/**
 * Adds a {@code LocaleChangeInterceptor} with its default settings to the MVC
 * interceptor registry.
 *
 * @param registry the interceptor registry supplied by Spring MVC
 */
@Override
public void addInterceptors(InterceptorRegistry registry) {
    LocaleChangeInterceptor localeInterceptor = new LocaleChangeInterceptor();
    registry.addInterceptor(localeInterceptor);
}
 
/**
 * Maps the Swagger UI page and its webjar assets to classpath resource locations.
 *
 * <p>These mappings only make the static files servable by Spring MVC; whether a request
 * reaches them is still decided by the Spring Security configuration.
 *
 * @param registry the resource handler registry supplied by Spring MVC
 */
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    // NOTE(review): this pattern has no leading slash, unlike "/webjars/**" below;
    // confirm it matches the request path as intended.
    final String swaggerUiPattern = "swagger-ui.html";
    final String swaggerUiLocation = "classpath:/META-INF/resources/";
    registry.addResourceHandler(swaggerUiPattern).addResourceLocations(swaggerUiLocation);

    final String webjarsPattern = "/webjars/**";
    final String webjarsLocation = "classpath:/META-INF/resources/webjars/";
    registry.addResourceHandler(webjarsPattern).addResourceLocations(webjarsLocation);
}

web.xml 条目:

<!--
  Configuration classes handed to the application context through contextConfigLocation.
  WebSecurityConfiguration is loaded here, so its rules apply to every request, Swagger URLs included.
  SwaggerConfig appears in this list and is also pulled in by AppConfig through @Import(SwaggerConfig.class).
  NOTE(review): listing class names here presumably relies on an annotation-based contextClass
  declared elsewhere in web.xml; that part is not shown.
-->
<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
        com.musigma.esp2.configuration.AppConfig 
        com.musigma.esp2.configuration.WebSecurityConfiguration 
        com.musigma.esp2.configuration.PersistenceConfig 
        com.musigma.esp2.configuration.ACLConfig 
        com.musigma.esp2.configuration.SwaggerConfig 
    </param-value> 
</context-param> 

网络安全配置:

/**
 * Spring Security configuration for a stateless REST API authenticated by a token header.
 *
 * <p>NOTE(review): {@code unauthorizedHandler}, {@code loginFilter()} and
 * {@code tokenAuthenticationService} are used below but not declared in this listing;
 * presumably they are members omitted from the post.
 */
@Configuration 
@EnableWebSecurity 
@EnableGlobalMethodSecurity(prePostEnabled = true) 
@ComponentScan(basePackages = { "com.musigma.esp2.service", "com.musigma.esp2.security" }) 
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { 
    /**
     * Defines the URL authorization rules and installs the two custom authentication filters.
     *
     * @param httpSecurity the builder for the application's security filter chain
     * @throws Exception if the builder rejects the configuration
     */
@Override 
    protected void configure(HttpSecurity httpSecurity) throws Exception { 
        httpSecurity 
        // CSRF protection is turned off. Per the filter comments below, the credential is a
        // token sent in a request header; NOTE(review): confirm that no cookie-based
        // authentication is accepted anywhere, otherwise CSRF protection is still needed.
        .csrf() 
            .disable() 
        .exceptionHandling() 
            // Unauthenticated requests to protected URLs are answered by this entry point.
            .authenticationEntryPoint(this.unauthorizedHandler) 
            .and() 
        .sessionManagement() 
            // Spring Security neither creates nor uses an HttpSession.
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS) 
            .and() 
        // Rules are checked in declaration order and the first matching rule decides.
        .authorizeRequests() 
            // Only the login and logout endpoints are reachable without authentication.
            .antMatchers("/auth/login", "/auth/logout").permitAll() 
            // Redundant with the catch-all rule on the next line, which already requires authentication.
            .antMatchers("/api/**").authenticated() 
            // Catch-all: every other URL requires authentication, and no rule exempts the
            // Swagger endpoints. This is presumably why the api-docs request in the question
            // is rejected with the authorization-header error.
            .anyRequest().authenticated(); 
 
        // custom JSON based authentication by POST of {"username":"<name>","password":"<password>"} which sets the token header upon authentication 
        httpSecurity.addFilterBefore(loginFilter(), UsernamePasswordAuthenticationFilter.class); 
 
        // custom Token based authentication based on the header previously given to the client 
        // NOTE(review): this filter sees every request handled by the chain; whether it rejects
        // requests that carry no token, or lets them continue anonymously, is not visible here.
        httpSecurity.addFilterBefore(new StatelessTokenAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class); 
    } 
} 

请您参考如下方法:

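将下面的 configure(WebSecurity) 方法添加到您的 WebSecurityConfiguration 类中，应该可以解决问题。需要注意的是，web.ignoring() 会让匹配的路径完全绕过 Spring Security 过滤器链（包括问题中的令牌认证过滤器），因此这里只应列出 Swagger 文档和静态资源路径，不要把业务接口放进去。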

/**
 * Excludes the Springfox documentation endpoints from Spring Security so that they can be
 * opened without an authorization header.
 *
 * <p>Security notes for whoever adopts this:
 * <ul>
 *   <li>{@code web.ignoring()} removes the matching requests from the Spring Security
 *       filter chain altogether: no authentication, no authorization rules, and none of
 *       the response headers Spring Security would otherwise add apply to them.</li>
 *   <li>Anyone who can reach the server can then read the API description. Consider
 *       enabling this only in non-production environments, or keeping the paths inside the
 *       filter chain and granting access with {@code permitAll()} in
 *       {@code configure(HttpSecurity)} instead.</li>
 *   <li>NOTE(review): patterns are matched against the path inside the application. The URL
 *       in the question is {@code /api/v2/api-docs}; if {@code /api} is a servlet mapping
 *       rather than the context path, these patterns presumably need the {@code /api}
 *       prefix. Confirm against the deployment.</li>
 * </ul>
 */
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Swagger document endpoints plus the static assets behind swagger-ui.html. */
    private static final String[] SWAGGER_PATHS = {
        "/v2/api-docs",
        "/configuration/ui",
        "/swagger-resources/**",
        "/configuration/security",
        "/swagger-ui.html",
        "/webjars/**"
    };

    /**
     * Tells Spring Security to skip its filter chain for the Swagger paths.
     *
     * @param web the builder for web-level security settings
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Keep this list limited to documentation and static resources; anything matched
        // here is served with no security processing at all.
        web.ignoring().antMatchers(SWAGGER_PATHS);
    }

}