【问题标题】:Swagger UI empty and gives 403Swagger UI 为空并给出 403
【发布时间】:2018-02-01 16:52:11
【问题描述】:

我正在使用 Spring Boot,并且我已将 swagger 添加到我的依赖项中:

<dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger2</artifactId>
        <version>2.8.0</version>
    </dependency>
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger-ui</artifactId>
        <version>2.8.0</version>
    </dependency>

我的配置:

@Configuration
@EnableSwagger2
public class SwaggerConfiguration {
    @Bean
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.any())
                .paths(PathSelectors.any())
                .build();
    }
}

当我去这个网址时:

http://localhost:8080/v2/api-docs 它有效,我得到了 json。

大摇大摆的uihttp://localhost:8080/swagger-ui.html

现在只是一个空白页面,当我在 chrome 中检查网络选项卡时,我看到了这个:

Failed to load resource: the server responded with a status of 403 ()
swagger-ui-standalone-preset.js Failed to load resource: the server responded with a status of 403 ()
swagger-ui.css Failed to load resource: the server responded with a status of 403 ()
springfox.js Failed to load resource: the server responded with a status of 403 ()
swagger-ui-bundle.js Failed to load resource: the server responded with a status of 403 ()
swagger-ui-standalone-preset.js Failed to load resource: the server responded with a status of 403 ()
springfox.js Failed to load resource: the server responded with a status of 403 ()
webjars/springfox-swagger-ui/favicon-32x32.png?v=2.8.0-SNAPSHOT Failed to load resource: the server responded with a status of 403 ()
webjars/springfox-swagger-ui/favicon-16x16.png?v=2.8.0-SNAPSHOT Failed to load resource: the server responded with a status of 403 ()
springfox.css Failed to load resource: the server responded with a status of 403 ()
swagger-ui.css Failed to load resource: the server responded with a status of 403 ()

我正在使用 Spring Boot 安全性并将其添加到我的安全性配置中:

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/v2/api-docs/**");
    web.ignoring().antMatchers("/swagger.json");
    web.ignoring().antMatchers("/swagger-ui.html");
}

有人可以帮帮我吗?

【问题讨论】:

  • 招摇链接不应该是http://localhost:8080/v2/api-docs/swagger-ui.html吗?
  • 在那个链接上我得到一个 404

标签: spring-boot swagger-ui swagger-2.0


【解决方案1】:

尝试在忽略列表中添加以下资源,

  • /swagger-resources/**
  • /webjars/**

这是完整的例子,

@Override
public void configure(WebSecurity web) throws Exception {    
    web.ignoring().antMatchers("/v2/api-docs/**");
    web.ignoring().antMatchers("/swagger.json");
    web.ignoring().antMatchers("/swagger-ui.html");
    web.ignoring().antMatchers("/swagger-resources/**");
    web.ignoring().antMatchers("/webjars/**");
}

【讨论】:

  • 非常感谢!
  • @Indra Basak:非常感谢!我有一个后续问题。是否存在允许 webjar 可见的安全风险?
  • @ssimm WebJars 只是打包为 JAR 文件的客户端依赖项。它通常包含所有的 Javascript、HTML、CSS 文件等。如果不将它们添加到忽略列表中,Swagger 资源将无法在客户端(浏览器)端使用。
  • 我认为@ssimm 是对的。我们需要保护 Swagger 服务的资源。我能够保护 /swagger-ui/ 端点,但我现在在其他资源上获得 403。
  • @chaitanyaguruprasad 您可以使用带有 swagger 的基本身份验证来保护您的端点,但需要有可用资源来呈现 swagger 登录页面。
【解决方案2】:

您必须在 Spring 安全配置中显式忽略所有需要的静态资源,以便招摇。您从网络选项卡收到的错误消息表明浏览器能够加载swagger-ui.html 文件,但无法加载相关的.js/.css/images/icons,因为它们在您的安全配置中没有被忽略。

试试这个解决方案:

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources", "/configuration/security", "/swagger-ui.html", "/webjars/**");
    }

}

stackoverflow 相关帖子:How to configure Spring Security to allow Swagger URL to be accessed without authentication

【讨论】:

  • 如果错误仍然存​​在,您应该在 Swagger 配置中扩展 WebMvcConfigurationSupport 并覆盖 addResourceHandler,如下所示:@Override protected void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("swagger-ui.html") .addResourceLocations (“类路径:/META-INF/resources/”); registry.addResourceHandler("/webjars/**") .addResourceLocations("classpath:/META-INF/resources/webjars/"); }
【解决方案3】:

我缺少的是在 Swagger 配置中扩展 WebMvcConfigurationSupport 并覆盖 addResourceHandlers 方法,如下所示:

@Configuration
@EnableSwagger2
public class SwaggerConfig extends WebMvcConfigurationSupport{

    @Bean
    public Docket api() {

    }

    private ApiInfo metadata() {
    }

    @Override
    protected void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("swagger-ui.html")
                .addResourceLocations("classpath:/META-INF/resources/");

        registry.addResourceHandler("/webjars/**")
                .addResourceLocations("classpath:/META-INF/resources/webjars/");
    }

}

【讨论】:

    【解决方案4】:

    @joebala 的回答也对我有用。但是如果你想要实现而不是扩展,你可以使用WebMvcConfigurer接口:

    public class SwaggerConfig implements WebMvcConfigurer {
    
       @Override
       public void addResourceHandlers(ResourceHandlerRegistry registry) {
    
           registry
                .addResourceHandler("swagger-ui.html")
                .addResourceLocations("classpath:/META-INF/resources/");
    
           registry
                .addResourceHandler("/webjars/**")
                .addResourceLocations("classpath:/META-INF/resources/webjars/");
       }
    
    // your other configuration
    }
    

    【讨论】:

      猜你喜欢
      • 2022-01-16
      • 1970-01-01
      • 2023-01-04
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2021-08-25
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多