403 Forbidden for OpenApiSwagger in Spring Boot Security

I have a Spring Boot application with Spring Security. After configuring the configuration class, Swagger on localhost returns 403 Forbidden. I can’t figure out what could be the problem.

http://localhost:8080/swagger-ui.html#/ – 403 Forbidden

SecurityConfiguration:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
            throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        http.authorizeRequests()
            .antMatchers("/api/user/login").permitAll()
            .anyRequest().authenticated();

        return http.build();
    }

    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return (web) -> web.ignoring()
                           .antMatchers("/api/user/auth")
                           .antMatchers("/v3/api-docs")
                           .antMatchers("/swagger-resources/**")
                           .antMatchers("/swagger-ui.html")
                           .antMatchers("/configuration/**")
                           .antMatchers("/webjars/**")
                           .antMatchers("/public");
    }
}

build.gradle:

dependencies {
    implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: '2.7.2'
    implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jdbc', version: '2.7.2'
    implementation group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: '2.7.2'

    implementation group: 'com.microsoft.sqlserver', name: 'mssql-jdbc', version: '9.4.1.jre16'

    implementation group: 'org.json', name: 'json', version: '20220320'

    implementation group: 'org.springdoc', name: 'springdoc-openapi-ui', version: '1.6.9'

    implementation group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1'

    compileOnly 'org.projectlombok:lombok:1.18.24'

    annotationProcessor 'org.projectlombok:lombok:1.18.24'
}

P.S. Please do not suggest inheriting the class from WebSecurityConfigurerAdapter, as it is deprecated in my version of Spring Security.

Solution:

You can use "/swagger-ui/**" instead of "/swagger-ui.html" in the web security configuration.

@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
    // Requests matching these patterns bypass the Spring Security filter chain entirely.
    return (web) -> web.ignoring()
                       .antMatchers("/api/auth/**")
                       .antMatchers("/v3/api-docs/**")
                       .antMatchers("/configuration/**")
                       .antMatchers("/swagger*/**")
                       .antMatchers("/webjars/**")
                       .antMatchers("/swagger-ui/**");
}

Did you put springdoc.swagger-ui.path in your application property file?
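
An added example, not part of the original question or answer: the same fix expressed with permitAll() inside the SecurityFilterChain instead of web.ignoring(), which is the form Spring Security 5.7 recommends because ignored requests skip every security filter, including the response security headers. It assumes the springdoc-openapi-ui 1.6.x default paths and Spring Security 5.7 (Spring Boot 2.7.x); the class name SwaggerPermitAllSecurityConfiguration and the SWAGGER_PATHS constant are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical class name; replaces the WebSecurityCustomizer bean for the Swagger paths.
@Configuration
@EnableWebSecurity
public class SwaggerPermitAllSecurityConfiguration {

    // Assumed springdoc defaults. Adjust these if springdoc.swagger-ui.path or
    // springdoc.api-docs.path is overridden in the application properties.
    private static final String[] SWAGGER_PATHS = {
        "/swagger-ui.html",  // entry point; springdoc redirects it to /swagger-ui/index.html
        "/swagger-ui/**",    // redirect target and UI assets (not covered in the question)
        "/v3/api-docs/**"    // OpenAPI document and /v3/api-docs/swagger-config
    };

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
            .sessionManagement(session ->
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                // Swagger stays inside the filter chain, so security headers
                // are still written on these responses.
                .antMatchers(SWAGGER_PATHS).permitAll()
                .antMatchers("/api/user/login").permitAll()
                // No authentication entry point is configured, so any other
                // unauthenticated request is answered with 403 Forbidden.
                .anyRequest().authenticated());
        return http.build();
    }
}
```

In the question's configuration the redirect from /swagger-ui.html lands on a /swagger-ui/ path that is neither ignored nor permitted, so it falls through to anyRequest().authenticated() and returns 403.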
