unauthenticated swagger-ui on- server-port and proper security filter integration into Spring Security #163

Merged
hsh-michaelhoennig merged 13 commits from feature/unauthenticated-swagger-ui-on-server-port into master 2025-03-17 12:59:53 +01:00
4 changed files with 13 additions and 7 deletions
Showing only changes of commit ab0e1f604b - Show all commits


@ -132,7 +132,7 @@ Also try for example 'admin@xxx.example.com' or 'unknown@example.org'.
If you want a formatted JSON output, you can pipe the result to `jq` or similar.
And to see the full, currently implemented, API, open http://localhost:8081/actuator/swagger-ui/index.html (uses management-port and thus bypasses authentication).
And to see the full, currently implemented, API, open http://localhost:8080/swagger-ui/index.html (on same port as the API to avoid CORS problems).
If you still need to install some of these tools, find some hints in the next chapters.


@ -17,7 +17,7 @@ management:
# HOWTO: view the effective application configuration properties:
# http://localhost:8081/actuator/configprops
include: info, health, metrics, metric-links, mappings, openapi, swaggerui, configprops, env
include: info, health, metrics, metric-links, mappings, openapi, configprops, env
endpoint:
env:
# TODO.spec: check this, maybe set to when_authorized?
@ -37,6 +37,10 @@ spring:
url: ${HSADMINNG_POSTGRES_JDBC_URL}
username: postgres
data:
rest:
detection-strategy: annotated
sql:
init:
mode: never
@ -51,7 +55,8 @@ spring:
# keep this in sync with test/.../application.yml
springdoc:
use-management-port: true
# SwaggerUI must run on the same port as the API itself, otherwise CORS will block accessing the API
use-management-port: false
hsadminng:
postgres:
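Review bot: With `use-management-port: false` the Swagger UI and the OpenAPI document move from the management port to the main API port, but the new comment records only the CORS reason and not the exposure decision. Going by the PR title these paths are meant to be reachable without authentication, so the comment should say so, for example `# served unauthenticated on the API port by design; publishes the full API description`. If some deployments must not publish the API description, springdoc's `springdoc.swagger-ui.enabled` and `springdoc.api-docs.enabled` can be set per profile. The security filter's permit list is not visible in this commit, so it is worth confirming that it covers only the Swagger UI and api-docs paths. The test application.yml carries the same setting and would take the same comment.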


@ -84,14 +84,14 @@ class WebSecurityConfigIntegrationTest {
@Test
public void shouldSupportSwaggerUi() {
final var result = this.restTemplate.getForEntity(
"http://localhost:" + this.managementPort + "/actuator/swagger-ui/index.html", String.class);
"http://localhost:" + this.managementPort + "/swagger-ui/index.html", String.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
}
@Test
public void shouldSupportApiDocs() {
final var result = this.restTemplate.getForEntity(
"http://localhost:" + this.managementPort + "/actuator/v3/api-docs/swagger-config", String.class);
"http://localhost:" + this.managementPort + "/v3/api-docs/swagger-config", String.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND); // permitted but not configured
}
@ -109,5 +109,4 @@ class WebSecurityConfigIntegrationTest {
"http://localhost:" + this.managementPort + "/actuator/metrics", Map.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
}
}
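Review bot: `shouldSupportSwaggerUi` and `shouldSupportApiDocs` still build their URLs from `this.managementPort`, although the paths lost the `/actuator` prefix and the configuration in this commit sets `springdoc.use-management-port: false`. Unless the test class maps both ports to the same value (not visible in this hunk), these requests no longer reach the port where Swagger UI is served. The `NOT_FOUND` expectation in `shouldSupportApiDocs` would also hold for any unknown path, so it does not show that the security filter permits the request. Consider targeting the server port instead, for example through a field injected with `@LocalServerPort`, and adding a case that asserts an API endpoint without credentials is still rejected on that port. The class body starts outside the hunk.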


@ -41,7 +41,9 @@ spring:
# keep this in sync with main/.../application.yml
springdoc:
use-management-port: true
# SwaggerUI must run on the same port as the API itself, otherwise CORS will block accessing the API
use-management-port: false
logging:
level: