为什么我的Security一直不放行我的swagger2文件,一直提示我无法访问
我的拦截器
package com.zlh.server.config.security;
import com.zlh.server.pojo.Admin;
import com.zlh.server.service.IAdminService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import javax.annotation.Resource;
/**
* @version v1.0.0
* @belongsProject: yeb
* @belongsPackage: com.zlh.server.config.security
* @author: 青山
* @description: Security配置类
* @createTime: 2021-12-29 16:22
*/
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Resource
private IAdminService adminService;
@Resource
private RestAuthorizationEntryPoint restAuthorizationEntryPoint;
@Resource
private RestfulAccessDeniedHandler restfulAccessDeniedHandler;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
}
@Override
public void configure(WebSecurity web) throws Exception {
/* web.ignoring().antMatchers(loadExcludePath());*/
web.ignoring().antMatchers(
"/js'/**", "/css/**", "/images/**","doc.html","/login",
"/logout","swagger-resources/**","/webjars/**","/v2/api-docs/**","favicon.ico"
);//对js、css、images等不做拦截
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// 使用JWT 不需要使用csrf
http.csrf()
.disable()
// 基于token 不需要session
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(
"/userlogin",
"/userlogout",
"/userjwt",
"/v2/api-docs",
"/swagger-resources/configuration/ui",
"/swagger-resources",
"/swagger-resources/configuration/security",
"/swagger-ui.html",
"/css/**",
"/js/**",
"/images/**",
"/webjars/**",
"/import/test",
"**/favicon.ico",
"/index").permitAll()
// 所有请求都要求认证
.anyRequest()
.authenticated()
.and()
// 禁用缓存
.headers()
.cacheControl();
// 添加JWT登录授权过滤器
http.addFilterBefore(jwtAuthencationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
// 添加自定义未授权和未登录返回
http.exceptionHandling()
.accessDeniedHandler(restfulAccessDeniedHandler)
.authenticationEntryPoint(restAuthorizationEntryPoint);
}
@Override
@Bean
public UserDetailsService userDetailsService(){
return username -> {
Admin admin = adminService.getAdminByUserName(username);
if (null != admin){
return admin;
}
return null;
};
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Bean
public JwtAuthencationTokenFilter jwtAuthencationTokenFilter(){
return new JwtAuthencationTokenFilter();
}
}
这是我的swagger2
package com.zlh.server.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.context.SecurityContext;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.*;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;
import java.util.ArrayList;
import java.util.List;
/**
* @version v1.0.0
* @belongsProject: yeb
* @belongsPackage: com.zlh.server.config.security
* @author: 青山
* @description: Swagger2配置类
* @createTime: 2021-12-29 17:24
*/
@Configuration
@EnableSwagger2
public class Swagger2Config {
@Bean
public Docket createRestApi(){
return new Docket(DocumentationType.SWAGGER_2)
.apiInfo(apiInfo())
.select()
.apis(RequestHandlerSelectors.basePackage("com.zlh.server.controller"))
.paths(PathSelectors.any())
.build()
.securityContexts(securityContexts())
.securitySchemes(securitySchemes());
}
private ApiInfo apiInfo(){
return new ApiInfoBuilder()
.title("云E办接口文档")
.description("云E办接口文档")
.contact(new Contact("zlh","http:localhost:8081/doc.html","xxxx@xxxx.com"))
.version("1.0")
.build();
}
private List<ApiKey> securitySchemes(){
// 设置请求头信息
List<ApiKey> result = new ArrayList<>();
ApiKey apiKey = new ApiKey("Authorization","Authorization","Header");
result.add(apiKey);
return result;
}
public List<springfox.documentation.spi.service.contexts.SecurityContext> securityContexts(){
// 需要认证的路径
List<springfox.documentation.spi.service.contexts.SecurityContext> result = new ArrayList<>();
result.add(getContextByPath("/hello/.*"));
return result;
}
private springfox.documentation.spi.service.contexts.SecurityContext getContextByPath(String pathRegex) {
return springfox.documentation.spi.service.contexts.SecurityContext.builder()
.securityReferences(defaultAuth())
.forPaths(PathSelectors.regex(pathRegex))
.build();
}
private List<SecurityReference> defaultAuth() {
List<SecurityReference> result = new ArrayList<>();
AuthorizationScope authorizationScope = new AuthorizationScope("global",
"accessEverythisng");
AuthorizationScope [] authorizationScopes = new AuthorizationScope[1];
authorizationScopes[0] = authorizationScope;
result.add(new SecurityReference("Authorization",authorizationScopes));
return result;
}
}
你把doc.html也放行一下
它的这个配置我是按流程走的,,
package com.zlh.server.config;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.context.SecurityContext;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.*;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;
import java.util.ArrayList;
import java.util.List;
/**
* @version v1.0.0
* @belongsProject: yeb
* @belongsPackage: com.zlh.server.config.security
* @author: 青山
* @description: Swagger2配置类
* @createTime: 2021-12-29 17:24
*/
@Configuration
@EnableSwagger2
// swagger2的配置文件,在项目启动类的同级文件建立
// 是否开启swagger,正式环境一般是需要关闭,可根据springboot的多环境配置进行
@ConditionalOnProperty(name = "swagger.enble",havingValue = "true")
public class Swagger2Config {
@Bean
public Docket createRestApi(){
return new Docket(DocumentationType.SWAGGER_2)
// 详细信息定制
.apiInfo(apiInfo())
//ApiSelectorBuilder扫描器
.select()
// 指定包路径,生成api文档的类
.apis(RequestHandlerSelectors.basePackage("com.zlh.server.controller"))
// 扫描所有 .apis(RequestHandlerSelectors.any())
.paths(PathSelectors.any())
.build()
.securityContexts(securityContexts())
.securitySchemes(securitySchemes());
}
// 构建 api文档的详细信息函数,注意这里的注解引用的是哪个
private ApiInfo apiInfo(){
return new ApiInfoBuilder()
// 页面标题
.title("云E办接口文档")
// 描述
.description("云E办接口文档")
// 创建人信息
.contact(new Contact("zlh","http:localhost:8081/doc.html","xxxx@xxxx.com"))
// 版本号
.version("1.0")
.build();
}
private List<ApiKey> securitySchemes(){
// 设置请求头信息
List<ApiKey> result = new ArrayList<>();
ApiKey apiKey = new ApiKey("Authorization","Authorization","Header");
result.add(apiKey);
return result;
}
public List<springfox.documentation.spi.service.contexts.SecurityContext> securityContexts(){
// 需要认证的路径
List<springfox.documentation.spi.service.contexts.SecurityContext> result = new ArrayList<>();
result.add(getContextByPath("/hello/.*"));
return result;
}
private springfox.documentation.spi.service.contexts.SecurityContext getContextByPath(String pathRegex) {
return springfox.documentation.spi.service.contexts.SecurityContext.builder()
.securityReferences(defaultAuth())
.forPaths(PathSelectors.regex(pathRegex))
.build();
}
private List<SecurityReference> defaultAuth() {
List<SecurityReference> result = new ArrayList<>();
AuthorizationScope authorizationScope = new AuthorizationScope("global",
"accessEverythisng");
AuthorizationScope [] authorizationScopes = new AuthorizationScope[1];
authorizationScopes[0] = authorizationScope;
result.add(new SecurityReference("Authorization",authorizationScopes));
return result;
}
}
我也遇到配置了但是访问swagger仍然404的问题,请问楼主解决了吗
在swagger2那加一个后端端口。.host()
@EnableSwagger2
public class Swagger2Config {
@Bean
public Docket createRestApi() {
return new Docket(DocumentationType.SWAGGER_2)
.host("localhost:9000")
.apiInfo(apiInfo())