How can i configure swagger ui 3.0 with spring security 6

Question

How can i configure my swagger-ui with spring security 6. I am upgrading my appication from spring 2.7 to spring 3.12. So there are many changes and i followed the instructions. Here is my code snippet of my webconfig below:

package com.grammercetamol.securities.configurations;

import com.grammercetamol.implementation.UserDetailsServicesImpl;
import com.grammercetamol.securities.jwt.AuthFilter;
import com.grammercetamol.securities.jwt.JwtEntryPoint;
import com.grammercetamol.securities.passwordEncoder.PasswordEncrypt;
import lombok.AllArgsConstructor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import static org.springframework.security.config.http.SessionCreationPolicy.NEVER;

@Configuration
@EnableWebSecurity(debug = true)
@EnableMethodSecurity
@AllArgsConstructor
public class WebConfig {
    private static final String[] AUTH_WHITELIST = {
            "/api/v1/auth/**",
            "/v3/api-docs/**",
            "/v3/api-docs.yaml",
            "/swagger-ui/**",
            "/swagger-ui.html"
    };
    @Autowired
    private UserDetailsServicesImpl userDetailsServices;
    @Autowired
    private PasswordEncrypt passwordEncrypt;
    @Autowired
    private JwtEntryPoint entryPoint;

    @Autowired
    @Bean
    public AuthFilter filter() {
        return new AuthFilter();
    }

    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        authenticationProvider.setUserDetailsService(userDetailsServices);
        authenticationProvider.setPasswordEncoder(passwordEncrypt.bCryptPasswordEncoder());
        return authenticationProvider;
    }

    @Bean
    public AuthenticationManager authenticationManager(
            AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
//        http
//                .cors()
//                .and()
//                .csrf()
//                .disable();
        http
                .cors(AbstractHttpConfigurer::disable)
                .csrf(AbstractHttpConfigurer::disable);

//        http
//                .exceptionHandling()
//                .authenticationEntryPoint(entryPoint);
        http
                .exceptionHandling(auth -> auth.authenticationEntryPoint(entryPoint));
//        http
//                .sessionManagement()
//                .sessionCreationPolicy(NEVER);
        http
                .sessionManagement(auth -> auth.sessionCreationPolicy(NEVER));

//        http
//                .authorizeRequests()
//                .antMatchers("/api/auth/**").permitAll()
//                .antMatchers("/api/secured/**").permitAll()
//                .antMatchers("/api/cloudinary/**").permitAll()
//                .antMatchers(AUTH_WHITELIST).permitAll()
//                .anyRequest()
//

//        http
//                .authorizeHttpRequests(
//                        auth -> auth.requestMatchers(
//                                        "/api/auth/**", "/api/secured/**",
//                                        "/api/cloudinary/**", "/api/v1/auth/**",
//                                        "/v3/api-docs/**", "/v3/api-docs.yaml",
//                                        "/swagger-ui/**", "/swagger-ui.html"
//                                )
//                                .permitAll()
//                                .anyRequest()
//                                .authenticated()
//                );

//        http
//                .authorizeHttpRequests((request) -> request
//                                .requestMatchers("/api/auth/**").permitAll()
//                                .requestMatchers("/api/secured/**").permitAll()
//                                .requestMatchers("/api/cloudinary/**").permitAll()
//                                .requestMatchers("/api/v1/auth/**").permitAll()
////                        .requestMatchers("/v3/api-docs/**").permitAll()
////                        .requestMatchers("/v3/api-docs.yaml").permitAll()
////                        .requestMatchers("/swagger-ui/**").permitAll()
////                        .requestMatchers("/swagger-ui.html").permitAll()
////                        .requestMatchers(new AntPathRequestMatcher("")).permitAll()
//                                .anyRequest()
//                                .authenticated()
//                );


        http
//                .securityMatcher("/swagger-ui/**")
                .authorizeHttpRequests((requests) -> requests
//                                .requestMatchers("/**").permitAll()
                                .requestMatchers("/api/auth/**").permitAll()
                                .requestMatchers("/api/secured/**").permitAll()
                                .requestMatchers("/api/cloudinary/**").permitAll()
                                .requestMatchers("/api/v1/auth/**").permitAll()
                                .requestMatchers(AUTH_WHITELIST).permitAll()
//                                .requestMatchers(new AntPathRequestMatcher("/swagger-ui/**")).permitAll()
////                        .requestMatchers(new AntPathRequestMatcher("swagger-ui/**")).permitAll()
//
//                                .requestMatchers(new AntPathRequestMatcher("/v3/api-docs/**")).permitAll()
//                                .requestMatchers(new AntPathRequestMatcher("/swagger-resources")).permitAll()
////                        .requestMatchers(new AntPathRequestMatcher("v3/api-docs/**")).permitAll()
                                .anyRequest().authenticated()
                );
        http
                .authenticationProvider(daoAuthenticationProvider());

        http
                .addFilterBefore(
                        filter(),
                        UsernamePasswordAuthenticationFilter.class
                );

        return http.build();
    }
}

I tried using the new requestHttpMatchers and co. But the error it's giving me on my web page is:

This page isn’t workingIf the problem continues, contact the site owner. HTTP ERROR 401

score 0 · Answer 1 · answered Jul 28 '23 at 11:21

First check the dependency of swagger. It should be like this :

<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-ui</artifactId>
    <version>1.5.12</version> <!-- Replace with the latest version -->
</dependency>

In webConfig :

To initialize spring doc add this static block :

static {
     SpringDocUtils.getConfig().addRestControllers(UserController.class);
}

And allow public access to the Swagger-UI resources

@Override
public void configure(WebSecurity web) {
    web.ignoring()
            .antMatchers("/" + SWAGGER_UI_PATH + "/**", // Swagger UI HTML and resources
                    "/v3/api-docs/**", // OpenAPI v3 API-docs
                    "/swagger-ui/**", // Swagger UI webjars
                    "/swagger-ui.html" // Swagger UI index page (HTML)
            );
}

With the updated configuration, you should be able to access Swagger-UI without any authentication. If your API endpoints require Authentication then you have to customize your AuthFilter accordingly.

Add `@EnableSwagger2` on main application and add `spring.mvc.pathmatch.matching-strategy = ANT_PATH_MATCHER` in your **application.properties**. — Dhruman Desai, Jul 31 '23 at 05:05

How can i configure swagger ui 3.0 with spring security 6

1 Answers1