springboot security swagger springfox-boot-starter

问题

pom.xml

<!-- swagger -->
<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-boot-starter</artifactId>
    <version>3.0.0</version>
</dependency>

spring-security configure

protected void configure(HttpSecurity httpSecurity) throws Exception {

        String[] SWAGGERS = {
                "/swagger/**",
                "/v3/**"
        };

        httpSecurity
                .authorizeRequests(expressionInterceptUrlRegistry ->
                        expressionInterceptUrlRegistry
                                // 放行 druid 页面
                                .antMatchers("/zhy-druid/**").permitAll()
                                .antMatchers(SWAGGERS).anonymous()
                                .anyRequest().authenticated()
                );

        httpSecurity
                .formLogin(httpSecurityFormLoginConfigurer ->
                        httpSecurityFormLoginConfigurer
                                .loginPage("/authentication")
                                .successHandler(accountAuthenticationSuccessHandler)
                                .failureHandler(accountAuthenticationFailureHandler)
                );

        httpSecurity
                .logout(httpSecurityLogoutConfigurer ->
                        httpSecurityLogoutConfigurer
                                .logoutUrl("/cancellation")
                                .logoutSuccessHandler(accountLogoutSuccessHandler)
                );

        httpSecurity
                .exceptionHandling(httpSecurityExceptionHandlingConfigurer ->
                        httpSecurityExceptionHandlingConfigurer
                                .authenticationEntryPoint(accountAuthenticationEntryPointHandler)
                                .accessDeniedHandler(accountAccessDeniedHandler)
                );

        httpSecurity
                .cors();

        httpSecurity
                .csrf()
                .disable();
    }

application-local.yml

springfox:
  documentation:
    enabled: true
    swagger-ui:
      base-url: /swagger

I get this result.

Unable to render this definition The provided definition does not specify a valid version field.

Please indicate a valid Swagger or OpenAPI version field. Supported version fields are swagger: 2.0 and those that match openapi: 3.0.n (for example, openapi: 3.0.0).

回答1:

Openapi is the latest library and recommended for spring boot applications. It's the next version of swagger.

Add the below code for work openapi in your application.

pom.xml

<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-ui</artifactId>
    <version>1.2.32</version>
</dependency>

Spring-Security configure to allow open api url.

@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    
    @Autowired
    private UserServiceImpl userServiceImpl;
    
    @Bean
    BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
                .authorizeRequests()
                    .antMatchers(SecurityConstants.SIGN_UP_URL).permitAll()
                    .antMatchers("/swagger-ui/**").permitAll()
                    .antMatchers("/v3/**").permitAll()
                    .antMatchers("/api-docs.html").permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilter(new AuthorizationFilter(authenticationManager()))
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}

application.yml

springdoc:
  swagger-ui.path: /api-docs.html

来源：https://stackoverflow.com/questions/65557795/springboot-security-swagger-springfox-boot-starter