Spring security call for all the services when loading swagger UI

Question

I am using the springdoc-openapi-ui. When I load my swagger page, spring-security is called for all the API at the time of loading swagger UI. I have spring security in place. My expectation is security should be called when I try to hit the particular API from swagger.

My swagger UI link looks like below

'http://localhost:8080/swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config'

When I was using the springfox-swagger-ui that time it was working as expected. recently I have migrated to springdoc-openapi-ui.

Does that mean, you did not configure anything and are just using the default? If so, this might be the problem. You need to tell Spring Security which paths in your application should be protected and which should not. Spring has a basic guide for this: spring.io/guides/gs/securing-web — Sebastian

SSK SSK · Accepted Answer · 2020-05-27T12:52:14

Swagger endpoint changes to new mapping with springdoc-openapi-ui. Changed the same in SecurityConfiguration. Now while loading the swagger ui security is not called.

public abstract class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**").antMatchers("/v3/api-docs/**",
                "/swagger-ui/**", "/swagger-ui/index.html/**");
    }
}

Spring security call for all the services when loading swagger UI

1 Answers