0

I want to open the swagger ui on my browser. This is my code

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/swagger-ui.html").permitAll()                .anyRequest().authenticated().and().httpBasic().and().csrf().disable();
    }

But it doesn't work. I still need to enter basic auth provided by httpBasic()

So I add the following code found by others

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/v2/api-docs",
                "/configuration/ui",
                "/swagger-resources/**",
                "/configuration/security",
                "/swagger-ui.html",
                "/webjars/**");
    }

Now, I can access localhost:8080/swagger-ui.html but the httpBasic window still pops up. I can click cancel to close the window and continue to use the swagger ui. But I don't know what causes the issue

timo
  • 103
  • 2
  • 12
  • Does this answer your question? [How to configure Spring Security to allow Swagger URL to be accessed without authentication](https://stackoverflow.com/questions/37671125/how-to-configure-spring-security-to-allow-swagger-url-to-be-accessed-without-aut) – Simon Martinelli Jul 16 '21 at 09:42
  • Not really, please read my second part of the question. – timo Jul 16 '21 at 09:47
  • Basically I can open swagger UI but the httpBasic() still pops out aftre adding the code – timo Jul 16 '21 at 09:48
  • 4
    The issue is caused by secondary files referenced by the main `swagger-ui.html` file, directly or indirectly. Files such as `.js`, `.css`, `.png`, etc. You can see the full list on the Web Browser's "Network" panel. E.g. in Firefox, press F12 and select the "Network" tab, then reload the page. Chrome has similar feature. A request that is returned with status `401 Unauthorized` is what causes the httpBasic popup to occur. – Andreas Jul 16 '21 at 10:05
  • @Andreas is probably right – thechaoticpanda Jul 16 '21 at 11:22

2 Answers2

0

From which controller this swagger-ui.html is called put that controller URL to the .antMatchers().

Kaushik Shaw
  • 41
  • 3
0

Try this-

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/v2/api-docs", "/configuration/ui", 
                     "/swagger-resources", "/configuration/security", 
                     "/swagger-ui.html", "/webjars/**", "/swagge‌​r-ui.html",
                     "/swagger-resources/configuration/ui", 
                     "/swagger-resources/configuration/security").permitAll() 
        .anyRequest().authenticated()
        .and().httpBasic()
        .and().csrf().disable();
}
Ayush
  • 349
  • 1
  • 7