0

I am using the springdoc-openapi-ui. When I load my swagger page, spring-security is called for all the API at the time of loading swagger UI. I have spring security in place. My expectation is security should be called when I try to hit the particular API from swagger.

My swagger UI link looks like below

'http://localhost:8080/swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config'

When I was using the springfox-swagger-ui that time it was working as expected. recently I have migrated to springdoc-openapi-ui.

SSK
  • 3,444
  • 6
  • 32
  • 59
  • 1
    Could you add your Spring Security configuration? – Sebastian May 27 '20 at 09:52
  • I have configured basic security – SSK May 27 '20 at 10:55
  • 1
    Does that mean, you did not configure anything and are just using the default? If so, this might be the problem. You need to tell Spring Security which paths in your application should be protected and which should not. Spring has a basic guide for this: https://spring.io/guides/gs/securing-web/ – Sebastian May 27 '20 at 11:09

1 Answers1

0

Swagger endpoint changes to new mapping with springdoc-openapi-ui. Changed the same in SecurityConfiguration. Now while loading the swagger ui security is not called.

public abstract class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**").antMatchers("/v3/api-docs/**",
                "/swagger-ui/**", "/swagger-ui/index.html/**");
    }
}
SSK
  • 3,444
  • 6
  • 32
  • 59