admin/honey-be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

swagger fixes

Browse Source
This commit is contained in:
Mykhailo Svishchov
2026-03-05 14:50:04 +02:00
parent 10304453eb
commit abd18f5692
1 changed files with 7 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/main/java/com/honey/honey/config/AdminSecurityConfig.java
View File

@@ -12,14 +12,13 @@ import org.springframework.security.authentication.dao.DaoAuthenticationProvider
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -54,19 +53,17 @@ public class AdminSecurityConfig {
return new ProviderManager(adminAuthenticationProvider()); return new ProviderManager(adminAuthenticationProvider());
} }
/** Permit Swagger UI and OpenAPI docs without authentication (public API documentation). */ /**
* Ignore Swagger/OpenAPI paths so they bypass Spring Security entirely (no 401).
* Using WebSecurityCustomizer is more reliable than a separate SecurityFilterChain on some environments (e.g. Railway).
*/
@Bean @Bean
@Order(1) public WebSecurityCustomizer webSecurityCustomizer() {
public SecurityFilterChain swaggerSecurityFilterChain(HttpSecurity http) throws Exception { return web -> web.ignoring().requestMatchers(
RequestMatcher swaggerMatcher = new OrRequestMatcher(
new AntPathRequestMatcher("/swagger-ui/**"), new AntPathRequestMatcher("/swagger-ui/**"),
new AntPathRequestMatcher("/v3/api-docs"), new AntPathRequestMatcher("/v3/api-docs"),
new AntPathRequestMatcher("/v3/api-docs/**") new AntPathRequestMatcher("/v3/api-docs/**")
); );
http
.securityMatcher(swaggerMatcher)
.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
return http.build();
} }
@Bean @Bean