How can I bypass authentication for Swagger-UI?-CodePudding

How can I bypass token authentication for Swagger-UI from browser?

I can make requests to Swagger-UI via Postman.

When I make a request from the browser, I get an error because it requests a token.

http://localhost:8080/swagger-ui/index.html

How can I fix?

pom.xml

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
    <version>2.7.4</version>
</dependency>
<dependency>
        <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-ui</artifactId>
    <version>1.6.14</version>
</dependency>

Main class

@SpringBootApplication
public class ExampleMain {
    public static void main(String[] args) {
        SpringApplication.run(ExampleMain.class, args);
    }
}

Security class

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    private JwtConverter wtConverter;

    public SecurityConfig(JwtConverter jwtConverter) {
        this.jwtConverter = jwtConverter;
    }
    @Bean
    public SecurityFilterChain configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/swagger-ui/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .oauth2ResourceServer()
                .jwt()
                .jwtAuthenticationConverter(jwtConverter);
        return http.build();
    }
}

CodePudding user response：

Apart from /swagger-ui/**, you should also permit access to OpenAPI documentation and Swagger resources:

...antMatchers("/v3/api-docs/**", "/swagger-ui.html", "/swagger-ui/**", "/swagger-resources/**", "/swagger-resources").permitAll()