
Recently I had a working Swagger (both UI and JSON), but after I added Spring Security to my project, my JSON endpoint is still working (e.g. /v3/api-docs) while Swagger UI cannot be found anymore (404 on /swagger-ui/ and /swagger.html). I read a lot of resources on the internet about this and tried every possible solution (e.g. ignoring Swagger paths in the security config), but so far none of them has solved my issue.

It's worth mentioning that I started my project with the springfox dependency (the project is based on Maven):

<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-boot-starter</artifactId>
    <version>3.0.0</version>
</dependency>

But now I have moved it to OpenAPI 3 with the following dependencies (springdoc-openapi-security was recommended in the OpenAPI docs for use with Spring Security):

<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-ui</artifactId>
    <version>1.5.10</version>
</dependency>
<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-security</artifactId>
</dependency>

Here is the security configuration, SecurityConfiguration.java:

http.csrf().disable()
                .authorizeRequests()
                .antMatchers(HttpMethod.GET, "/api/categories**").permitAll()
                .antMatchers(HttpMethod.POST, "/api/categories").hasRole("ADMIN")
                .antMatchers(HttpMethod.PUT, "/api/categories/*").hasRole("ADMIN")
                .antMatchers(HttpMethod.DELETE, "/api/categories/*").hasRole("ADMIN")
                .antMatchers(HttpMethod.GET, "/api/courses**").permitAll()
                .antMatchers(HttpMethod.POST, "/api/courses").hasAnyRole("USER", "ADMIN")
                .antMatchers(HttpMethod.PUT, "/api/courses/*").hasAnyRole("USER", "ADMIN")
                .antMatchers(HttpMethod.DELETE, "/api/courses/*").hasAnyRole("USER", "ADMIN")
                .antMatchers(HttpMethod.PUT, "/api/users").hasAnyRole("USER", "DEVELOPER", "ADMIN")
                .antMatchers(HttpMethod.GET, "/api/users").hasAnyRole("USER", "DEVELOPER", "ADMIN")
                .antMatchers(HttpMethod.POST, "/api/users").permitAll()
                .antMatchers("/actuator", "/actuator/*", "actuator/**").hasAnyRole("DEVELOPER", "ADMIN")
                .antMatchers("/api/auth/*").permitAll()
                .antMatchers("**").permitAll()
                .anyRequest().authenticated()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .cors();

I also tried to show the URL of the UI through actuator, but unfortunately it didn't work (it doesn't show in actuator). application.properties:

management.endpoints.web.exposure.include=*

# Open API
springdoc.swagger-ui.enabled=true
springdoc.api-docs.enabled=true
springdoc.swagger-ui.path=/swagger-ui.html
springdoc.use-management-port=true

Example resource: UserResource.java

@RestController
@RequestMapping("/api/users")
@Tag(name = "Users")
public class UserResource {

    @Autowired
    @Qualifier("userServiceImpl")
    private UserService service;

    private final String FILTER_NAME = "JsonFilter";

    @Operation(summary = "register new user", description = "Operation available for everyone.")
    @ApiResponses({
            @ApiResponse(responseCode = "201", description = "User registered",
                content = { @Content(mediaType = "application/json", schema = @Schema(implementation = User.class)) }),
            @ApiResponse(responseCode = "400", description = "Invalid user data",
                    content = { @Content(mediaType = "application/json", schema = @Schema(implementation = User.class)) }),
    })
    @ResponseStatus(HttpStatus.CREATED)
    @PostMapping
    public void registerNewUser(
            @Parameter(description = "valid new user object", required = true)
            @Valid @RequestBody User user) throws UsernameNotUniqueException {
        service.register(user);
    }
}

So, summarising, I will be very grateful for any possible solution. Thanks to everybody who reached this point :)

The project is available on my GitHub: https://github.com/PeterStuck/course-website-backend

The project can be run through Docker (or docker-compose). I personally run Postgres on Docker (from the docker-compose file) and the project with the default development server.

JSON docs URL: http://localhost:8085/v3/api-docs

Regards!

PeterStuck
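
An added example, not part of the original post and not code from the project: Spring Security evaluates the matchers of the posted SecurityConfiguration in declaration order and the first match decides, so this sketch walks a few paths through the tail of that rule list. `antMatch` is a simplified stand-in for the framework's Ant-style matching, and the class name and sample paths are assumptions constructed for the illustration.

```java
import java.util.regex.Pattern;

public class RuleOrderAudit {

    // Tail of the posted rule list, in declaration order: {pattern, decision}.
    static final String[][] RULES = {
        {"/actuator",   "hasAnyRole(DEVELOPER, ADMIN)"},
        {"/actuator/*", "hasAnyRole(DEVELOPER, ADMIN)"},
        {"actuator/**", "hasAnyRole(DEVELOPER, ADMIN)"},
        {"/api/auth/*", "permitAll"},
        {"**",          "permitAll"},
    };

    // Simplified stand-in for Ant-style matching (assumption, not Spring's code):
    // "*" stays inside one path segment, "**" may cross "/", a bare "**" matches everything.
    static boolean antMatch(String pattern, String path) {
        if (pattern.equals("**")) return true;
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < pattern.length(); i++) {
            char c = pattern.charAt(i);
            if (c == '*' && i + 1 < pattern.length() && pattern.charAt(i + 1) == '*') {
                re.append(".*");
                i++; // consume the second '*'
            } else if (c == '*') {
                re.append("[^/]*");
            } else {
                re.append(Pattern.quote(String.valueOf(c)));
            }
        }
        return Pattern.matches(re.toString(), path);
    }

    // First matching rule decides; anyRequest() is consulted only if nothing matched.
    static String decide(String path) {
        for (String[] rule : RULES) {
            if (antMatch(rule[0], path)) return rule[1] + "  (matched \"" + rule[0] + "\")";
        }
        return "authenticated  (anyRequest)";
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from the post.
        String[] paths = {"/actuator/health", "/actuator/metrics/jvm.memory.used",
                          "/swagger-ui/index.html", "/api/orders"};
        for (String p : paths) System.out.println(p + " -> " + decide(p));
    }
}
```

In this model no path ever reaches `anyRequest().authenticated()`, because the bare `"**"` rule ahead of it matches everything. The nested actuator path also falls through to that catch-all, since `"actuator/**"` has no leading slash and `"/actuator/*"` covers only one segment.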
