admin/honey-be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added swagger

Browse Source
This commit is contained in:
Mykhailo Svishchov
2026-03-05 14:44:11 +02:00
parent 89e8397c97
commit 10304453eb
4 changed files with 69 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pom.xml
View File

@@ -99,6 +99,13 @@
<artifactId>spring-boot-starter-security</artifactId> <artifactId>spring-boot-starter-security</artifactId>
</dependency> </dependency>
<!-- OpenAPI / Swagger (public API docs only; admin excluded) -->
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
<version>2.5.0</version>
</dependency>
<!-- JWT --> <!-- JWT -->
<dependency> <dependency>
<groupId>io.jsonwebtoken</groupId> <groupId>io.jsonwebtoken</groupId>

20
src/main/java/com/honey/honey/config/AdminSecurityConfig.java
View File

@@ -5,6 +5,7 @@ import com.honey.honey.security.admin.JwtAuthenticationFilter;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@@ -16,6 +17,9 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -50,7 +54,23 @@ public class AdminSecurityConfig {
return new ProviderManager(adminAuthenticationProvider()); return new ProviderManager(adminAuthenticationProvider());
} }
/** Permit Swagger UI and OpenAPI docs without authentication (public API documentation). */
@Bean @Bean
@Order(1)
public SecurityFilterChain swaggerSecurityFilterChain(HttpSecurity http) throws Exception {
RequestMatcher swaggerMatcher = new OrRequestMatcher(
new AntPathRequestMatcher("/swagger-ui/**"),
new AntPathRequestMatcher("/v3/api-docs"),
new AntPathRequestMatcher("/v3/api-docs/**")
);
http
.securityMatcher(swaggerMatcher)
.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
return http.build();
}
@Bean
@Order(2)
public SecurityFilterChain adminSecurityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain adminSecurityFilterChain(HttpSecurity http) throws Exception {
http http
.securityMatcher("/api/admin/**") .securityMatcher("/api/admin/**")

33
src/main/java/com/honey/honey/config/OpenApiConfig.java Normal file
View File

@@ -0,0 +1,33 @@
package com.honey.honey.config;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.info.Info;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springdoc.core.models.GroupedOpenApi;
/**
* OpenAPI / Swagger configuration for the public API only.
* Admin endpoints (/api/admin/**) are excluded from the documentation.
*/
@Configuration
public class OpenApiConfig {
@Bean
public GroupedOpenApi publicApi() {
return GroupedOpenApi.builder()
.group("public")
.pathsToMatch("/**")
.pathsToExclude("/api/admin/**")
.build();
}
@Bean
public OpenAPI honeyOpenAPI() {
return new OpenAPI()
.info(new Info()
.title("Honey Public API")
.description("API for the Honey frontend. Admin panel endpoints are not included.")
.version("1.0"));
}
}

9
src/main/resources/application.yml
View File

@@ -128,6 +128,15 @@ app:
geoip: geoip:
db-path: ${GEOIP_DB_PATH:} db-path: ${GEOIP_DB_PATH:}
# OpenAPI / Swagger (public API only; admin endpoints excluded via OpenApiConfig)
springdoc:
api-docs:
path: /v3/api-docs
swagger-ui:
path: /swagger-ui.html
default-consumes-media-type: application/json
default-produces-media-type: application/json
# Logging configuration moved to logback-spring.xml # Logging configuration moved to logback-spring.xml
# To use external logback-spring.xml on VPS, set system property: # To use external logback-spring.xml on VPS, set system property:
# -Dlogging.config=/path/to/logback-spring.xml # -Dlogging.config=/path/to/logback-spring.xml