springboot 安全 swagger springfox-boot-starter

如何解决springboot 安全 swagger springfox-boot-starter

pom.xml

<!-- swagger -->
<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-boot-starter</artifactId>
    <version>3.0.0</version>
</dependency>

spring-security 配置

protected void configure(HttpSecurity httpSecurity) throws Exception {

        String[] SWAGGERS = {
                "/swagger/**","/v3/**"
        };

        httpSecurity
                .authorizeRequests(expressionInterceptUrlRegistry ->
                        expressionInterceptUrlRegistry
                                // 放行 druid 页面
                                .antMatchers("/zhy-druid/**").permitAll()
                                .antMatchers(SWAGGERS).anonymous()
                                .anyRequest().authenticated()
                );

        httpSecurity
                .formLogin(httpSecurityformLoginConfigurer ->
                        httpSecurityformLoginConfigurer
                                .loginPage("/authentication")
                                .successHandler(accountAuthenticationSuccessHandler)
                                .failureHandler(accountAuthenticationFailureHandler)
                );

        httpSecurity
                .logout(httpSecuritylogoutConfigurer ->
                        httpSecuritylogoutConfigurer
                                .logoutUrl("/cancellation")
                                .logoutSuccessHandler(accountlogoutSuccessHandler)
                );

        httpSecurity
                .exceptionHandling(httpSecurityExceptionHandlingConfigurer ->
                        httpSecurityExceptionHandlingConfigurer
                                .authenticationEntryPoint(accountAuthenticationEntryPointHandler)
                                .accessDeniedHandler(accountAccessDeniedHandler)
                );

        httpSecurity
                .cors();

        httpSecurity
                .csrf()
                .disable();
    }

application-local.yml

springfox:
  documentation:
    enabled: true
    swagger-ui:
      base-url: /swagger

我得到了这个结果。

无法呈现此定义提供的定义未指定有效的版本字段。

请指明有效的 Swagger 或 OpenAPI 版本字段。支持的版本字段有 swagger: 2.0 和匹配 openapi: 3.0.n 的字段（例如 openapi: 3.0.0）。

解决方法

Openapi 是最新的库，推荐用于 Spring Boot 应用程序。这是 swagger 的下一个版本。

在您的应用程序中为工作 openapi 添加以下代码。

pom.xml

<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-ui</artifactId>
    <version>1.2.32</version>
</dependency>

Spring-Security 配置为允许打开 api url。

@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    
    @Autowired
    private UserServiceImpl userServiceImpl;
    
    @Bean
    BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
                .authorizeRequests()
                    .antMatchers(SecurityConstants.SIGN_UP_URL).permitAll()
                    .antMatchers("/swagger-ui/**").permitAll()
                    .antMatchers("/v3/**").permitAll()
                    .antMatchers("/api-docs.html").permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilter(new AuthorizationFilter(authenticationManager()))
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}

application.yml

springdoc:
  swagger-ui.path: /api-docs.html