Issue
I have Spring Boot application with Spring Security. After configure configuration-class localhost-Swagger return 403 Forbidden. I can't figure out what could be the problem.
http://localhost:8080/swagger-ui.html#/ - 403 Forbidden
SecurityConfiguration:
class="lang-java prettyprint-override">@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
@Bean
public SessionRegistry sessionRegistry() {
return new SessionRegistryImpl();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests()
.antMatchers("/api/user/login").permitAll()
.anyRequest().authenticated();
return http.build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring()
.antMatchers("/api/user/auth")
.antMatchers("/v3/api-docs")
.antMatchers("/swagger-resources/**")
.antMatchers("/swagger-ui.html")
.antMatchers("/configuration/**")
.antMatchers("/webjars/**")
.antMatchers("/public");
}
}
build.gradle:
dependencies {
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: '2.7.2'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jdbc', version: '2.7.2'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: '2.7.2'
implementation group: 'com.microsoft.sqlserver', name: 'mssql-jdbc', version: '9.4.1.jre16'
implementation group: 'org.json', name: 'json', version: '20220320'
implementation group: 'org.springdoc', name: 'springdoc-openapi-ui', version: '1.6.9'
implementation group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1'
compileOnly 'org.projectlombok:lombok:1.18.24'
annotationProcessor 'org.projectlombok:lombok:1.18.24'
}
P.S. Please do not suggest to inherit the class from WebSecurityConfigurerAdapter as it is deprecated in my version of Spring Security.
Solution
you can use "/swagger-ui/**" instead of "/swagger-ui.html" in web security configuration.
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring()
.antMatchers("/api/auth/**")
.antMatchers("/v3/api-docs/**")
.antMatchers("configuration/**")
.antMatchers("/swagger*/**")
.antMatchers("/webjars/**")
.antMatchers("/swagger-ui/**");
}
did you put springdoc.swagger-ui.path
in your application property file?
Answered By - Mazhar Ibna Zahur
Answer Checked By - Senaida (JavaFixing Volunteer)