I have a basic config like this:

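```java
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // jwtAuthenticationEntryPoint and jwtRequestFilter are fields of this class
    // (their declarations are not shown in the post)

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // We don't need CSRF for this example
        httpSecurity.csrf().disable()
                // don't authenticate this particular request
                .authorizeRequests().antMatchers("/authenticate").permitAll()
                // all other requests need to be authenticated
                .anyRequest().authenticated().and()
                .exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and()
                // make sure we use stateless session; session won't be used to
                // store user's state.
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // Add a filter to validate the tokens with every request
        httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
    }
}
```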

So basically it allows /authenticate through but everything else needs a token. How do I allow it to bypass Swagger as well? It makes development difficult because the team relies on Swagger to see the API docs.

erotsppa
1 Answer

Add the Swagger endpoints in antMatchers with permitAll(). Or you can use configure(WebSecurity webSecurity) and use .ignoring(); see here:

```java
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf().disable()
            .authorizeRequests()
            .antMatchers("/authenticate").permitAll()
            // Swagger UI and API docs are reachable without a token
            .antMatchers("/v2/api-docs", "/configuration/**", "/swagger*/**", "/webjars/**").permitAll()
            // every other request still needs to be authenticated
            .anyRequest().authenticated().and()
            .exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Validate the token on every request
    httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
```

Romil Patel
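
The second option the answer mentions, `configure(WebSecurity)` with `.ignoring()`, written out as an added example (not code from the question or the answer) and limited to a development profile so the docs stay behind the token everywhere else. Assumptions: the profile name `dev`, and the two JWT beans typed by their framework interfaces; in a real project inject your own concrete classes, since several `Filter` beans may exist.

```java
import javax.servlet.Filter;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.core.env.Profiles;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    // Swagger paths copied from the answer above.
    private static final String[] SWAGGER_PATHS =
            {"/v2/api-docs", "/configuration/**", "/swagger*/**", "/webjars/**"};
    private final Environment env;
    // Assumption: the page's two JWT beans, typed by their framework interfaces.
    private final AuthenticationEntryPoint jwtAuthenticationEntryPoint;
    private final Filter jwtRequestFilter;

    public WebSecurityConfig(Environment env, AuthenticationEntryPoint jwtAuthenticationEntryPoint,
                             Filter jwtRequestFilter) {
        this.env = env;
        this.jwtAuthenticationEntryPoint = jwtAuthenticationEntryPoint;
        this.jwtRequestFilter = jwtRequestFilter;
    }

    @Override
    public void configure(WebSecurity web) {
        // ignoring() takes these paths out of the Spring Security filter chain altogether.
        // "dev" is an assumed profile name; elsewhere they fall to anyRequest().authenticated().
        if (env.acceptsProfiles(Profiles.of("dev"))) {
            web.ignoring().antMatchers(SWAGGER_PATHS);
        }
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
            .antMatchers("/authenticate").permitAll()
            .anyRequest().authenticated().and()
            .exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
    }
}
```

Unlike `permitAll()`, which still passes the request through every security filter, ignored paths also get none of Spring Security's response headers, so keep the ignore list as narrow as the Swagger UI needs.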