Allow anonymous access to springdoc-openapi-ui with Spring Security
Additionally to Evgeniy's answer, I'd add the proper configuration to avoid conflicts with document fetching used in Swagger's UI (such js, html, images and other files), also in the SecurityConfig class like this:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//Other configuration methods
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers("/v3/api-docs/**", "/swagger-ui/**");
}
}
Without this configuration, even though the UI looks like It's loaded, a 401: Unauthorized
may arise on the background calls when loading the above mentioned files.
To use springdoc-openapi-ui /swagger-ui.html
, allow anonymous access to the following endpoints in the WebSecurityConfigurerAdapter
using permitAll
method:
/v3/api-docs/**
/swagger-ui/**
/swagger-ui.html
Example:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.
.authorizeRequests()
.antMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic(); //or anything else, e.g. .oauth2ResourceServer().jwt()
}
}
Make sure a project has the following dependencies:
- org.springdoc:springdoc-openapi-ui
- org.springdoc:springdoc-openapi-security