my project has spring security. main issue : not able access swagger url @ http://localhost:8080/api/v2/api-docs. says missing or invalid authorization header.
screenshot of browser window pom.xml has following entries
<dependency> <groupid>io.springfox</groupid> <artifactid>springfox-swagger2</artifactid> <version>2.4.0</version> </dependency> <dependency> <groupid>io.springfox</groupid> <artifactid>springfox-swagger-ui</artifactid> <version>2.4.0</version> </dependency> swaggerconfig :
@configuration @enableswagger2 public class swaggerconfig { @bean public docket api() { return new docket(documentationtype.swagger_2).select() .apis(requesthandlerselectors.any()) .paths(pathselectors.any()) .build() .apiinfo(apiinfo()); } private apiinfo apiinfo() { apiinfo apiinfo = new apiinfo("my rest api", "some custom description of api.", "api tos", "terms of service", "myeaddress@company.com", "license of api", "api license url"); return apiinfo; } appconfig:
@configuration @enablewebmvc @componentscan(basepackages = { "com.musigma.esp2" }) @import(swaggerconfig.class) public class appconfig extends webmvcconfigureradapter { // ========= overrides =========== @override public void addinterceptors(interceptorregistry registry) { registry.addinterceptor(new localechangeinterceptor()); } @override public void addresourcehandlers(resourcehandlerregistry registry) { registry.addresourcehandler("swagger-ui.html") .addresourcelocations("classpath:/meta-inf/resources/"); registry.addresourcehandler("/webjars/**") .addresourcelocations("classpath:/meta-inf/resources/webjars/"); } web.xml entries:
<context-param> <param-name>contextconfiglocation</param-name> <param-value> com.musigma.esp2.configuration.appconfig com.musigma.esp2.configuration.websecurityconfiguration com.musigma.esp2.configuration.persistenceconfig com.musigma.esp2.configuration.aclconfig com.musigma.esp2.configuration.swaggerconfig </param-value> </context-param> websecurityconfig:
@configuration @enablewebsecurity @enableglobalmethodsecurity(prepostenabled = true) @componentscan(basepackages = { "com.musigma.esp2.service", "com.musigma.esp2.security" }) public class websecurityconfiguration extends websecurityconfigureradapter { @override protected void configure(httpsecurity httpsecurity) throws exception { httpsecurity .csrf() .disable() .exceptionhandling() .authenticationentrypoint(this.unauthorizedhandler) .and() .sessionmanagement() .sessioncreationpolicy(sessioncreationpolicy.stateless) .and() .authorizerequests() .antmatchers("/auth/login", "/auth/logout").permitall() .antmatchers("/api/**").authenticated() .anyrequest().authenticated(); // custom json based authentication post of {"username":"<name>","password":"<password>"} sets token header upon authentication httpsecurity.addfilterbefore(loginfilter(), usernamepasswordauthenticationfilter.class); // custom token based authentication based on header given client httpsecurity.addfilterbefore(new statelesstokenauthenticationfilter(tokenauthenticationservice), usernamepasswordauthenticationfilter.class); } }
adding websecurityconfiguration class should trick.
@configuration public class websecurityconfiguration extends websecurityconfigureradapter { @override public void configure(websecurity web) throws exception { web.ignoring().antmatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources", "/configuration/security", "/swagger-ui.html", "/webjars/**"); } } 