我正在使用Spring Boot:v2.0.3.RELEASE和Spring Fox:v2.9.2。
尝试访问http://127.0.0.1:8080/swagger-ui.html会导致:
无法推断基本网址。这在使用动态servlet时很常见 注册或API位于API网关后面。基本网址是 服务所有招摇资源的根。例如如果 可以在http://example.org/api/v2/api-docs获得api,然后 基本网址是http://example.org/api/。请输入位置 手动:
反复单击弹出栏中的“确定”无效。
这是我的Spring Security配置:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
private UserDetailsService userDetailsService;
private BCryptPasswordEncoder bCryptPasswordEncoder;
private SecurityProperties securityProperties;
private AppProperties AppProperties;
public WebSecurityConfig(UserDetailsService userDetailsService,
BCryptPasswordEncoder bCryptPasswordEncoder,
SecurityProperties securityProperties,
AppProperties AppProperties) {
this.userDetailsService = userDetailsService;
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
this.securityProperties = securityProperties;
this.AppProperties = AppProperties;
}
@Configuration
@Order(1)
public class BasicAuthenticationConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/admin/**")
.csrf().disable()
.httpBasic().and()
.authorizeRequests().anyRequest().hasRole("ADMIN").and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser(AppProperties.getAdminUsername())
.password(bCryptPasswordEncoder.encode(AppProperties.getAdminPassword()))
.roles("ADMIN");
}
}
@Configuration
@Order(2)
public class TokenAuthenticationConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.
cors().and().csrf().disable()
.authorizeRequests()
.antMatchers("/no-auth/**").permitAll()
.anyRequest().authenticated()
.and()
.addFilter(new JWTAuthenticationFilter(securityProperties, authenticationManager()))
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/v2/api-docs", "**/swagger-resources/**", "/swagger-ui.html", "/webjars/**")
.antMatchers(HttpMethod.OPTIONS, "/**");
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.applyPermitDefaultValues();
corsConfiguration.setAllowedOrigins(Collections.singletonList("*"));
corsConfiguration.setAllowedMethods(Arrays.asList("GET", "POST", "DELETE"));
corsConfiguration.setMaxAge(3600L);
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", corsConfiguration);
return source;
}
}
}
这是SpringFox的配置:
@Configuration
@EnableSwagger2
public class SwaggerConfig {
@Autowired
private AppProperties AppProperties;
@Bean
public WebMvcConfigurer mvcConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("swagger-ui.html")
.addResourceLocations("classpath:/META-INF/resources/");
registry.addResourceHandler("/webjars/**")
.addResourceLocations("classpath:/META-INF/resources/webjars/");
}
};
}
@Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.groupName("foo-api")
.apiInfo(apiInfo())
.useDefaultResponseMessages(false)
.produces(Collections.singleton("application/json"))
.select()
.apis(RequestHandlerSelectors.any())
.paths(PathSelectors.any())
.build();
}
private ApiInfo apiInfo() {
return new ApiInfoBuilder()
.title("Foo API")
.termsOfServiceUrl(AppProperties.getApiTosUrl())
.version("1.0").build();
}
}
在我的Spring-Security Configuration中,我尝试按照一般建议排除所有Spring-Fox路径,但没有任何效果。怎么了?