1

I have an application built with Wildfly Swarm (now Thorntail) and I have integrated Swagger with my REST API's for documentation and also use it to test with Swagger-UI.

I would like to know if it is possible to disable the Swagger-UI part when I deploy my application in a production environment. I tried to look in the swagger documentation to see if there was any properties for this but could not find any. The same on the Thorntail documentation.

One possible solution would be to disable the swagger-ui maven dependency via a maven profile when I build the jar. I would like to avoid this because then I'll have to have one jar for production and one for development.

I saw many suggestions but they seem to be specific for Spring Boot, like this one How do you turn off swagger-ui in production

Willyan
  • 123
  • 2
  • 7
  • Unfortunately there isn't a solution for that at present. https://issues.jboss.org/browse/THORN-1566 – Ken Feb 13 '19 at 16:37
  • @Ken maybe this could be done using servlet request filters https://docs.oracle.com/javaee/7/tutorial/servlets006.htm If the path is /swagger-ui/*, then check the properties to see if we allow access or not. This is more of a work around but it could work. – ktulinho Feb 13 '19 at 16:43
  • @ktulinho filters doesn't work because swagger runs like a parallel app in server. My app runs in localhost/myApp and swagger in localhost/swagger-ui/. When I call the swagger API with `http://localhost/swagger-ui/index.html?url=http://localhost/swagger.json`, with this, swagger make a call to my app using the URI `/swagger.json`, so, if I try redirect the page won't work. In a short words, the URI `swagger-ui` isn't visible for my app. – Willyan Feb 14 '19 at 17:17

1 Answers1

0

I would recommend to host an own swagger-ui instance and not using the one in thorntail, because I consider swagger-ui a development tool, which I wouldn't use in a thorntail service directly.

If swagger-ui is hosted as an external standalone service, and you only need one installation for all developers because its just html and javascript, then you only need to take care about CORS in your service for the endpoint providing the */swagger.json. Providing the swagger.json in a production environment shouldn't be a problem, because its just the doc of your rest api.

See the following example for implementing a CORS filter copied from CORS issue on java web application

public class CorsFilter implements Filter {


    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, HEAD, OPTIONS");
        response.setHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
      if ("OPTIONS".equalsIgnoreCase((HttpServletRequest) servletRequest.getMethod())) {
        response.setStatus(HttpServletResponse.SC_OK);
      } else {
         filterChain.doFilter(servletRequest, response);
      }

    }

    @Override
    public void destroy() {

    }
}

Here you see how to enable the servlet filter.

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/swaggerJsonEndpoint/*</url-pattern>
</filter-mapping>
Thomas Herzog
  • 506
  • 2
  • 6