5

I run my app with Spring Boot using JWT token for authentication. I have a filter checks a token. Also my app provide rest API documentation with Swagger 2. I don't want my rest api will be public

So my question is, how i can provide a security for Swagger access? and can provide basic security for it?

Sergii Getman
  • 3,845
  • 5
  • 34
  • 50
  • You need to show some code how you're exposing the API docs. – Strelok Oct 19 '16 at 11:31
  • Actually found decision in transfer header from swagger ui at [this](http://stackoverflow.com/questions/36585643/spring-springfox-header-parmeters) post – Sergii Getman Oct 24 '16 at 11:28
  • @SergiiGetman: I don't wish to secure only my end point calls via swagger ( i.e. making AUTHORIZATION_KEY text box available on UI ) but wish to secure access to swagger-ui.html home page itself. Since if home page is unsecured , folks will unnecessarily can hit my end points even though access will eventually be denied by JWT filter. Any ideas ? – Sabir Khan Dec 07 '18 at 06:34
  • As answered [here](https://stackoverflow.com/a/45767928/3850730) , swagger landing page can be protected with user id & password but I wish to do it via JWT i.e business end point filter be called for swagger-ui.html & there should be a way to pass that info while hitting home page itself. – Sabir Khan Dec 07 '18 at 06:37

0 Answers0