1

Because of the vulnerability CVE-2019-17495 in swagger 2.5.2 we are forced to upgrade swagger 3. I have read the documentation here https://springfox.github.io/springfox/docs/snapshot/#migrating-from-existing-2-x-version

Our is Spring boot application but deployed as WAR to Tomcat 7 so I guess steps mentioned in section "SwagggerUIWebMvcConfigurer.java" also applicable to us.

Upon hitting the URL at http://localhost:8080/swagger-ui/ or http://localhost:8080/swagger-ui/index.html we are getting a chrome popup saying "Unable to infer base url. This is common when using dynamic servlet registration or when the API is behind an API Gateway. The base url is the root of where all the swagger resources are served. For e.g. if the api is available at http://example.org/api/v2/api-docs then the base url is http://example.org/api/. Please enter the location manually"

We are not getting 401 so I think we are good with bypassing swagger URL's Anyways here is the snippet for that as well.

web
            .ignoring()
            .antMatchers("/resourcecheck",
                         "/statuscheck",
                         "/swagger-ui.html",
                         "/webjars/**",
                         "/swagger-resources/**",
                         "/v2/api-docs",
                         "/swagger-ui/**");

Here is the snippet of docket

@Bean
    public Docket createDocket() {
        return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .paths(PathSelectors.any()) // and by paths
                .build()
                .useDefaultResponseMessages(false)
                .apiInfo(new ApiInfoBuilder().build());
    }

Here are the overridden methods of class that extends WebMvcConfigurerAdapter.

    @Override
    public void addResourceHandlers(final ResourceHandlerRegistry resourceHandlerRegistry) {
        resourceHandlerRegistry.addResourceHandler("/webjars/**")
                               .addResourceLocations("classpath:/META-INF/resources/webjars/");
        resourceHandlerRegistry.
            addResourceHandler("/swagger-ui/**")
            .addResourceLocations("classpath:/META-INF/resources/webjars/springfox-swagger-ui/")
            .resourceChain(false);
    }
    
    
        @Override
        public void addViewControllers(final ViewControllerRegistry registry) {
            registry.addViewController("/swagger-ui/").setViewName("forward:/swagger-ui/index.html");
        }

We are not able to find any solution online so hopefully someone able to answer our issue here.

Anish Sharma
  • 115
  • 1
  • 2
  • 9

0 Answers0