Mobile versionCode: Select all
org.springframework.cloud
spring-cloud-starter-parent
Hoxton.SR10
...
org.springdoc
springdoc-openapi-ui
1.5.5
< BR /> Das Problem mit der Federsicherheit mit derselben Konfiguration < /h1>
Wir haben ein Problem, wenn Springdoc-OpenAPI-UI, Springdoc-OpenAPI-Sezial zusammen mit Spring- Boot-Starter-Security und KeyCloak-Spring-Boot-Starter.
Code: Select all
org.springdoc
springdoc-openapi-security
1.5.5
org.keycloak
keycloak-spring-boot-starter
12.0.2
org.springframework.boot
spring-boot-starter-security
2.4.2
< /code>
DummySecurityConfig (Profile Dev wird derzeit verwendet): < /p>
@Profile({"test", "dev"})
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
prePostEnabled = true,
securedEnabled = true,
jsr250Enabled = true)
@EnableWebMvc
public class DummySecurityConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {
protected static final String[] ACTUATOR_WHITELIST = {
"/actuator/**"
};
protected static final String[] SWAGGER_WHITELIST = {
"/v3/api-docs/**",
"/swagger-ui/**",
"/swagger-ui.html",
};
@Value("${client.cors.allowed-origins:*}")
private String[] allowedOrigins;
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic(); //or anything else, e.g. .oauth2ResourceServer().jwt()
}
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(authenticationProvider());
}
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers(SWAGGER_WHITELIST)
.antMatchers(ACTUATOR_WHITELIST);
}
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins(allowedOrigins);
}
@Bean
public AuthenticationProvider authenticationProvider() {
AuthenticationProvider authenticationProvider = new AuthenticationProvider() {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_" + authentication.getPrincipal().toString().toUpperCase());
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
authentication.getPrincipal(), authentication.getCredentials(), Collections.singleton(authority));
token.setDetails(authentication);
return token;
}
@Override
public boolean supports(Class aClass) {
return true;
}
};
return authenticationProvider;
}
}
< /code>
SecurityConfig (in den Beispielen nicht verwendet, wird aber auch in Zukunft verwendet): < /p>
@Profile({"staging", "devstaging"})
@KeycloakConfiguration
@EnableGlobalMethodSecurity(
prePostEnabled = true,
securedEnabled = true,
jsr250Enabled = true)
@EnableWebMvc
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter implements WebMvcConfigurer {
protected static final String[] ACTUATOR_WHITELIST = {
"/actuator/**"
};
protected static final String[] SWAGGER_WHITELIST = {
"/v3/api-docs/**",
"/swagger-ui/**",
"/swagger-ui.html",
};
@Value("${client.cors.allowed-origins:*}")
private String[] allowedOrigins;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
SimpleAuthorityMapper grantedAuthorityMapper = new SimpleAuthorityMapper();
grantedAuthorityMapper.setConvertToUpperCase(true);
grantedAuthorityMapper.setPrefix("ROLE_");
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(grantedAuthorityMapper);
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers(SWAGGER_WHITELIST)
.antMatchers(ACTUATOR_WHITELIST);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
.csrf().disable()
.cors().and()
.authorizeRequests().anyRequest().authenticated();
}
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins(allowedOrigins);
}
}
< /code>
Application-dev.yml:
server:
port: 8083
servlet:
context-path: /planning
keycloak:
enabled: false
springdoc:
show-actuator: true
< /code>
Wir haben bereits versucht, folgende Links zu verwenden, um das Problem zu lösen: < /p>
[list]
[*] SPRECK -Sicherheitsunterstützung < /li>
Ermöglichen Sie den anonymen Zugriff auf Springdoc-Openapi-UI mit Frühlingssicherheit
[*] Swagger UI Umleitungsregelung zu /swagger-ui/index.html?configurl=/v3/api-docs/ Swagger-config
[*]f.a.q
[/list]
Beispiele für das Öffnen der Swagger-UI-URLs (Profile dev):
http://localhost:8083/planning/swagger-ui.html (funktioniert nicht):
Code -Snippet der Anwendung:
2021-03-05 09:27:01,530 [http-nio-8083-exec-1] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [/planning] threw exception [Could not resolve view with name 'redirect:/swagger-ui/index.html?configUrl=/planning/v3/api-docs/swagger-config' in servlet with name 'dispatcherServlet'] with root cause
javax.servlet.ServletException: Could not resolve view with name 'redirect:/swagger-ui/index.html?configUrl=/planning/v3/api-docs/swagger-config' in servlet with name 'dispatcherServlet'
at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1373)
at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1138)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1077)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:962)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
http://localhost:8083/planning/swagger-ui/index.html (Hinzufügen von API-DOCs"/Planung/v3/ API-Docs "funktioniert auch manuell):
< /p>
Haben Sie irgendwelche Ideen? Was könnte sonst noch falsch konfiguriert sein oder was sollten wir ändern? Wir sind am Ende unseres Lateins.
