如何解决使用 Spring Security 启用 Swagger springdoc-openapi-ui (OpenAPI 3.0) - 无法访问 swagger-ui.html (401)
Swagger OpenAPI 3.0 正在使用 springdoc-openapi-ui 和自定义 OpenAPI Bean。
pom.xml
<parent>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-parent</artifactId>
<version>Hoxton.SR10</version>
</parent>
...
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>1.5.5</version>
</dependency>
SwaggerConfig:
相同配置下spring-security的问题
我们在使用 springdoc-openapi-ui、springdoc-openapi-security 与 spring-boot-starter-security 和 keycloak-spring-boot-starter 时遇到问题。
pom.xml
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-security</artifactId>
<version>1.5.5</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
<version>12.0.2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>2.4.2</version>
</dependency>
DummySecurityConfig(当前使用配置文件 dev):
@Profile({"test","dev"})
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
prePostEnabled = true,securedEnabled = true,jsr250Enabled = true)
@EnableWebMvc
public class DummySecurityConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {
protected static final String[] ACTUATOR_WHITELIST = {
"/actuator/**"
};
protected static final String[] SWAGGER_WHITELIST = {
"/v3/api-docs/**","/swagger-ui/**","/swagger-ui.html",};
@Value("${client.cors.allowed-origins:*}")
private String[] allowedOrigins;
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/v3/api-docs/**","/swagger-ui.html").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic(); //or anything else,e.g. .oauth2ResourceServer().jwt()
}
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(authenticationProvider());
}
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers(SWAGGER_WHITELIST)
.antMatchers(ACTUATOR_WHITELIST);
}
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins(allowedOrigins);
}
@Bean
public AuthenticationProvider authenticationProvider() {
AuthenticationProvider authenticationProvider = new AuthenticationProvider() {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_" + authentication.getPrincipal().toString().toupperCase());
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
authentication.getPrincipal(),authentication.getCredentials(),Collections.singleton(authority));
token.setDetails(authentication);
return token;
}
@Override
public boolean supports(Class<?> aClass) {
return true;
}
};
return authenticationProvider;
}
}
SecurityConfig(示例中未使用,但将来也会使用):
@Profile({"staging","devstaging"})
@KeycloakConfiguration
@EnableGlobalMethodSecurity(
prePostEnabled = true,jsr250Enabled = true)
@EnableWebMvc
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter implements WebMvcConfigurer {
protected static final String[] ACTUATOR_WHITELIST = {
"/actuator/**"
};
protected static final String[] SWAGGER_WHITELIST = {
"/v3/api-docs/**",};
@Value("${client.cors.allowed-origins:*}")
private String[] allowedOrigins;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
SimpleAuthorityMapper grantedAuthorityMapper = new SimpleAuthorityMapper();
grantedAuthorityMapper.setConverttoupperCase(true);
grantedAuthorityMapper.setPrefix("ROLE_");
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(grantedAuthorityMapper);
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers(SWAGGER_WHITELIST)
.antMatchers(ACTUATOR_WHITELIST);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
.csrf().disable()
.cors().and()
.authorizeRequests().anyRequest().authenticated();
}
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins(allowedOrigins);
}
}
application-dev.yml:
server:
port: 8083
servlet:
context-path: /planning
keycloak:
enabled: false
springdoc:
show-actuator: true
- Spring security support
- Allow anonymous access to springdoc-openapi-ui with Spring Security
- Swagger UI redirecting to /swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config
- F.A.Q
打开 swagger-ui URL 的例子(profile dev):
http://localhost:8083/planning/swagger-ui.html(不起作用):
应用代码片段:
2021-03-05 09:27:01,530 [http-nio-8083-exec-1] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [/planning] threw exception [Could not resolve view with name 'redirect:/swagger-ui/index.html?configUrl=/planning/v3/api-docs/swagger-config' in servlet with name 'dispatcherServlet'] with root cause
javax.servlet.servletexception: Could not resolve view with name 'redirect:/swagger-ui/index.html?configUrl=/planning/v3/api-docs/swagger-config' in servlet with name 'dispatcherServlet'
at org.springframework.web.servlet.dispatcherServlet.render(dispatcherServlet.java:1373)
at org.springframework.web.servlet.dispatcherServlet.processdispatchResult(dispatcherServlet.java:1138)
at org.springframework.web.servlet.dispatcherServlet.dodispatch(dispatcherServlet.java:1077)
at org.springframework.web.servlet.dispatcherServlet.doService(dispatcherServlet.java:962)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
http://localhost:8083/planning/swagger-ui/index.html?configUrl=/planning/v3/api-docs/swagger-config(有效但很复杂):
http://localhost:8083/planning/swagger-ui/index.html(手动添加 api-docs "/planning/v3/api-docs" 也可以):
您有什么想法可能是配置错误或我们应该更改什么吗?我们处于拉丁语的尽头。
解决方法
正如日志所说,Could not resolve view with name 'redirect:/swagger-ui/index.html?configUrl=**/planning/v3/api-docs/swagger-config'**。
在您的网络安全配置中,您只能访问 /v3/api-docs/。
尝试添加 /planning/ 或修改路径。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
