我在我的项目中使用Spring Security,现在我试图使用Swagger OpenAPI创建文档,并且我一直在遭受这导致的冲突。我不知道我必须更改什么,因为没有教程允许我解决错误。我所有的访问尝试都向我发送错误403。
这里是我的 Spring 安全配置
package com.mariojunior.todo.config;import com.mariojunior.todo.security.JWTAuthenticationFilter;import com.mariojunior.todo.security.JWTAuthorizationFilter;import com.mariojunior.todo.security.JWTUtil;import com.mariojunior.todo.service.UserDetailsService;import jakarta.servlet.http.HttpServletResponse;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.http.HttpMethod;import org.springframework.security.authentication.AuthenticationManager;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;import org.springframework.security.config.http.SessionCreationPolicy;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.web.SecurityFilterChain;import org.springframework.web.cors.CorsConfiguration;import org.springframework.web.cors.CorsConfigurationSource;import org.springframework.web.cors.UrlBasedCorsConfigurationSource;import java.util.Arrays;@Configuration@EnableWebSecurity@EnableMethodSecurity(securedEnabled = true)public class SecurityConfig {private AuthenticationManager authenticationManager;@Autowiredprivate UserDetailsService userDetailsService;@Autowiredprivate JWTUtil jwtUtil;private static final String[] PUBLIC_MATCHERS_POST = {"/users/","/login"};private static final String[] AUTH_WHITELIST ={"/v3/api-docs/**","/swagger-ui/**"};@Beanpublic SecurityFilterChain filterChain(HttpSecurity http) throws Exception{http.csrf(AbstractHttpConfigurer::disable).cors(AbstractHttpConfigurer::disable);AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());this.authenticationManager = authenticationManagerBuilder.build();http.authorizeHttpRequests(request -> {request.requestMatchers(AUTH_WHITELIST).permitAll();request.requestMatchers(HttpMethod.POST, PUBLIC_MATCHERS_POST).permitAll();request.anyRequest().authenticated().and().authenticationManager(authenticationManager);});http.addFilter(new JWTAuthorizationFilter(this.authenticationManager, jwtUtil, userDetailsService));http.addFilter(new JWTAuthenticationFilter(this.authenticationManager, jwtUtil));http.sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));return http.build();}@BeanCorsConfigurationSource corsConfigurationSource() {CorsConfiguration configuration = new CorsConfiguration().applyPermitDefaultValues();configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "DELETE"));final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();source.registerCorsConfiguration("/**", configuration);return source;}@Beanpublic BCryptPasswordEncoder bCryptPasswordEncoder() {return new BCryptPasswordEncoder();}}
字符串
我试图解决与新的链接在白名单和重构的一切,我发现这个错误,但没有工作
1条答案
按热度按时间gj3fmq9x1#
如果您使用最新版本的Sping Boot 或安全性,swagger可能无法很好地工作。
如果您使用的是旧版本的Swagger,请尝试切换到下一个版本的Swagger。
字符串