From db5b540b63243f341dcdce3b39bf44009d659514 Mon Sep 17 00:00:00 2001 From: Tihon Date: Sat, 7 Mar 2026 23:33:53 +0200 Subject: [PATCH] swagger availability fix --- .../com/honey/honey/config/AdminSecurityConfig.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/honey/honey/config/AdminSecurityConfig.java b/src/main/java/com/honey/honey/config/AdminSecurityConfig.java index c84fe8d..c9b9c54 100644 --- a/src/main/java/com/honey/honey/config/AdminSecurityConfig.java +++ b/src/main/java/com/honey/honey/config/AdminSecurityConfig.java @@ -64,7 +64,8 @@ public class AdminSecurityConfig { /** * Swagger/OpenAPI docs: permitAll with highest precedence so the default Spring Boot chain * (which requires auth for /**) never handles these paths. Includes webjars and resources - * so the UI can load CSS/JS. + * so the UI can load CSS/JS. Also matches /api/swagger-ui/** and /api/v3/api-docs/** so + * Swagger behind nginx at a secret path (e.g. /secret/swagger-ui/ -> /api/swagger-ui/) is public. */ @Bean @Order(Ordered.HIGHEST_PRECEDENCE) @@ -76,7 +77,14 @@ public class AdminSecurityConfig { new AntPathRequestMatcher("/v3/api-docs/**"), new AntPathRequestMatcher("/webjars/**"), new AntPathRequestMatcher("/swagger-resources/**"), - new AntPathRequestMatcher("/configuration/**") + new AntPathRequestMatcher("/configuration/**"), + new AntPathRequestMatcher("/api/swagger-ui/**"), + new AntPathRequestMatcher("/api/swagger-ui.html"), + new AntPathRequestMatcher("/api/v3/api-docs"), + new AntPathRequestMatcher("/api/v3/api-docs/**"), + new AntPathRequestMatcher("/api/webjars/**"), + new AntPathRequestMatcher("/api/swagger-resources/**"), + new AntPathRequestMatcher("/api/configuration/**") ); http .securityMatcher(swaggerMatcher)