Spring Security - 配置免认证访问 Swagger

Spring Boot 2.2.4.RELEASE

Spring Security 5.2.1.RELEASE

---

新建 Spring Boot 项目，引入依赖：

<project>
    <properties>
        <java.version>1.8java.version>
        <springfox-swagger2.version>2.9.2springfox-swagger2.version>
        <springfox-swagger-ui.version>2.9.2springfox-swagger-ui.version>
    properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.bootgroupId>
            <artifactId>spring-boot-starter-securityartifactId>
        dependency>

        <dependency>
            <groupId>org.springframework.bootgroupId>
            <artifactId>spring-boot-starter-webartifactId>
        dependency>

        ...

        <dependency>
            <groupId>io.springfoxgroupId>
            <artifactId>springfox-swagger2artifactId>
            <version>${springfox-swagger2.version}version>
        dependency>
        <dependency>
            <groupId>io.springfoxgroupId>
            <artifactId>springfox-swagger-uiartifactId>
            <version>${springfox-swagger-ui.version}version>
        dependency>
    dependencies>
project>

新建 Swagger 配置类：

import java.util.ArrayList;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.ParameterBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.schema.ModelRef;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.service.Parameter;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

@Configuration
@EnableSwagger2
public class SwaggerConfig {

    // 默认的 API 文档地址：http://localhost:8080/swagger-ui.html
    
    @Bean
    public Docket docket() {
        ParameterBuilder parameterBuilder = new ParameterBuilder();
        List<Parameter> parameters = new ArrayList<>();
        parameterBuilder.name("Authorization") // Updates the parameter name
            .description("JSON Web Token")
            .modelRef(new ModelRef("string"))
            .parameterType("header")
            .required(false)
            .build();
        parameters.add(parameterBuilder.build());
        
        return new Docket(DocumentationType.SWAGGER_2)
            // Sets the api's meta information as included in the json ResourceListing response.
            .apiInfo(apiInfo())
            // Initiates a builder for api selection.
            .select()
            // Any RequestHandler satisfies this condition
            .apis(RequestHandlerSelectors.any()) 
            // Any path satisfies this condition
            .paths(PathSelectors.any())
            .build()
            // Adds default parameters which will be applied to all operations.
            .globalOperationParameters(parameters);
    }
    
    private ApiInfo apiInfo() {
        return new ApiInfoBuilder() // Builds the api information
                .title("Spring Boot API Document")
                .description("")
                .version("1.0.0")
                .build();
    }
}

启动项目，在添加了 Spring Security 之后，默认情况下，需要登录成功之后才能访问相应的接口。直接访问 http://localhost:8080/swagger-ui.html 会被重定向至 http://localhost:8080/login：

新建配置类，继承自 WebSecurityConfigurerAdapter，重写 configure(HttpSecurity) 方法：

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/swagger-ui.html").permitAll()
                .antMatchers("/webjars/**").permitAll()
                .antMatchers("/swagger-resources/**").permitAll()
                .antMatchers("/v2/*").permitAll()
                .antMatchers("/csrf").permitAll()
                .antMatchers("/").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
            ;
    }
}

重启项目，直接访问 http://localhost:8080/swagger-ui.html 不会被重定向至登录页面：