I'm using springdoc-openapi-ui for API documentation
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>1.6.14</version>
</dependency>
And, following Spring Boot security config.
.
.
public static String[] SWAGGER_WHITELIST = {
"/api-docs",
"/swagger-ui.html",
"/swagger-resources/**",
"/webjars/**",
"/swagger.json"
};
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.cors().disable();
http.csrf().disable();
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http
.authorizeHttpRequests()
.requestMatchers(SWAGGER_WHITELIST).permitAll()
.requestMatchers(AUTH_WHITELIST).permitAll()
.and()
.addFilterAt(new JWTAuthenticationFilter(userService, jwtService, authenticationProvider()), UsernamePasswordAuthenticationFilter.class)
// .addFilterAfter(new UserAuthorizationFilter(), JWTAuthenticationFilter.class)
.authorizeHttpRequests()
.anyRequest().authenticated();
return http.build();
}
.
.
Spring boot parent version: 3
When I try to access http://localhost:8080/swagger-ui.html I'm getting 403.
Anyone facing similar issue? What could be the issue?
I tried
- Whitelisting the swagger URLs
- Changing the swagger doc path from config
I'm getting
- No luck in debugging as console doesn't show any exception
- It just rejects requests without printing any log
