我的项目有Spring Security。主要问题:无法访问http:// localhost:8080 / api / v2 / api- docs上的大写URL 。它说缺少或无效的授权标头。
浏览器窗口的屏幕快照 我的pom.xml具有以下条目
<dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger2</artifactId> <version>2.4.0</version> </dependency> <dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger-ui</artifactId> <version>2.4.0</version> </dependency>
SwaggerConfig:
@Configuration @EnableSwagger2 public class SwaggerConfig { @Bean public Docket api() { return new Docket(DocumentationType.SWAGGER_2).select() .apis(RequestHandlerSelectors.any()) .paths(PathSelectors.any()) .build() .apiInfo(apiInfo()); } private ApiInfo apiInfo() { ApiInfo apiInfo = new ApiInfo("My REST API", "Some custom description of API.", "API TOS", "Terms of service", "myeaddress@company.com", "License of API", "API license URL"); return apiInfo; }
AppConfig:
@Configuration @EnableWebMvc @ComponentScan(basePackages = { "com.musigma.esp2" }) @Import(SwaggerConfig.class) public class AppConfig extends WebMvcConfigurerAdapter { // ========= Overrides =========== @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new LocaleChangeInterceptor()); } @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("swagger-ui.html") .addResourceLocations("classpath:/META-INF/resources/"); registry.addResourceHandler("/webjars/**") .addResourceLocations("classpath:/META-INF/resources/webjars/"); }
web.xml条目:
<context-param> <param-name>contextConfigLocation</param-name> <param-value> com.musigma.esp2.configuration.AppConfig com.musigma.esp2.configuration.WebSecurityConfiguration com.musigma.esp2.configuration.PersistenceConfig com.musigma.esp2.configuration.ACLConfig com.musigma.esp2.configuration.SwaggerConfig </param-value> </context-param>
WebSecurityConfig:
@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) @ComponentScan(basePackages = { "com.musigma.esp2.service", "com.musigma.esp2.security" }) public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity .csrf() .disable() .exceptionHandling() .authenticationEntryPoint(this.unauthorizedHandler) .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() .authorizeRequests() .antMatchers("/auth/login", "/auth/logout").permitAll() .antMatchers("/api/**").authenticated() .anyRequest().authenticated(); // custom JSON based authentication by POST of {"username":"<name>","password":"<password>"} which sets the token header upon authentication httpSecurity.addFilterBefore(loginFilter(), UsernamePasswordAuthenticationFilter.class); // custom Token based authentication based on the header previously given to the client httpSecurity.addFilterBefore(new StatelessTokenAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class); } }
将其添加到WebSecurityConfiguration类应该可以解决问题。
@Configuration public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/security", "/swagger-ui.html", "/webjars/**"); } }