2

I still have the "disable"-problem...

My swagger interface url is configured to /swagger-ui.html ( it redirects to /swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config =>which is normal ! ) BUT the default swagger url ( PetStore ) is still accessable via /swagger-ui/index.html ( so by removing everything from "?" ).

I have to solve this problem, because it is seen as a security issue...

There are 4 ways to configure this, but I used the swagger-ui yaml file : https://swagger.io/docs/open-source-tools/swagger-ui/usage/configuration/

My application.yaml :


    springdoc:
      swagger-ui:
        path: '/swagger-ui.html'
        configUrl: '/v3/api-docs/swagger-config'
        disable-swagger-default-url: true

But this doesn't disable the petstore. I have no clue why :-(

I am using the springdoc openapi 1.5.7 ( in build.gradle ) :

    implementation('org.springdoc:springdoc-openapi-ui:1.5.7') {
        exclude group: 'javax.validation', module: 'validation-api'
    }

I changed in my config the path from '/swagger-ui.html' to path: '/swagger_ui.html' ( and run again the application ) this change worked, so I do not understand why it doesn't disable default swagger url.

I read many topics on stackoverflow, I have exactly what was written, I got my answer in which file it needs to be "configured" ( application.properties or application.yaml )

Tasari
  • 39
  • 1
  • 9
  • If this help to you https://stackoverflow.com/q/63152653/3493829 – SSK Apr 22 '21 at 03:12
  • Thank you sooo much !! The topic itself doesn't give the solution, I went to the given link but there somebody gave a link with swagger-ui config, I have no clue but it works! Thanks a lot ! – Tasari Apr 23 '21 at 10:41

2 Answers2

2

I finally solved the problem, thanks to SSK !

The solution for this problem, is to add in "application.yaml" ( in your folder "resources" under "main" ) :

springdoc:
  swagger-ui:
    path: /swagger-ui.html
    display-request-duration: true
    groups-order: DESC
    operationsSorter: method
    disable-swagger-default-url: true

My swagger http://localhost:8080/swagger-ui.html work perfectly for my application, you get redirected to http://localhost:8080/swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config Which is correct ( and worked always perfectly ) !

BUT when trying to use these urls : http://localhost:8080/swagger-ui/index.html?configUrl= http://localhost:8080/swagger-ui/index.html It gives "No API definition provided.", so it is perfectly safe and "demo PetStore" is disbled !

Have a nice day !

Tasari
  • 39
  • 1
  • 9
0

Starting from release v1.4.1, the following property is available to disable the swagger-ui default petstore url:

springdoc.swagger-ui.disable-swagger-default-url=true

This is also answered in the F.A.Q of springdoc-openapi.

brianbro
  • 4,141
  • 2
  • 24
  • 37
  • Thank you for your answer, but of course I saw that in the FAQ and in some posts here in stackoverflow. But with this only it didn't work, I had to put exactly like I put below ( application.yaml ), this was the only way it worked. No clue way, it took my long time to find it.. – Tasari May 24 '21 at 15:14