Spring Boot 2.2.4.RELEASE
Spring Security 5.2.1.RELEASE
新建 Spring Boot 项目,引入依赖:
<project>
<properties>
<java.version>1.8</java.version>
<springfox-swagger2.version>2.9.2</springfox-swagger2.version>
<springfox-swagger-ui.version>2.9.2</springfox-swagger-ui.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
...
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>${springfox-swagger2.version}</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>${springfox-swagger-ui.version}</version>
</dependency>
</dependencies>
</project>
新建 Swagger 配置类:
import java.util.ArrayList;
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.ParameterBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.schema.ModelRef;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.service.Parameter;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;
@Configuration
@EnableSwagger2
public class SwaggerConfig {
// 默认的 API 文档地址:http://localhost:8080/swagger-ui.html
@Bean
public Docket docket() {
ParameterBuilder parameterBuilder = new ParameterBuilder();
List<Parameter> parameters = new ArrayList<>();
parameterBuilder.name("Authorization") // Updates the parameter name
.description("JSON Web Token")
.modelRef(new ModelRef("string"))
.parameterType("header")
.required(false)
.build();
parameters.add(parameterBuilder.build());
return new Docket(DocumentationType.SWAGGER_2)
// Sets the api's meta information as included in the json ResourceListing response.
.apiInfo(apiInfo())
// Initiates a builder for api selection.
.select()
// Any RequestHandler satisfies this condition
.apis(RequestHandlerSelectors.any())
// Any path satisfies this condition
.paths(PathSelectors.any())
.build()
// Adds default parameters which will be applied to all operations.
.globalOperationParameters(parameters);
}
private ApiInfo apiInfo() {
return new ApiInfoBuilder() // Builds the api information
.title("Spring Boot API Document")
.description("")
.version("1.0.0")
.build();
}
}
启动项目,在添加了 Spring Security 之后,默认情况下,需要登录成功之后才能访问相应的接口。直接访问 http://localhost:8080/swagger-ui.html 会被重定向至 http://localhost:8080/login:
新建配置类,继承自 WebSecurityConfigurerAdapter,重写 configure(HttpSecurity) 方法:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/swagger-ui.html").permitAll()
.antMatchers("/webjars/**").permitAll()
.antMatchers("/swagger-resources/**").permitAll()
.antMatchers("/v2/*").permitAll()
.antMatchers("/csrf").permitAll()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
;
}
}
重启项目,直接访问 http://localhost:8080/swagger-ui.html 不会被重定向至登录页面:
