* Since the team’s business needs have recently been working on write permissions, using the framework SpringSecurity for URL interception, the question is how to use Swagger with path interception? Solve the problem as follows #### Import Swagger dependency packages
<! --swagger--> <dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger2</artifactId> The < version > 2.7.0 < / version > < / dependency > <! --swaggerUI--> <dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger-ui</artifactId> The < version > 2.7.0 < / version > < / dependency >Copy the code
Swagger Api configuration
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;
@Configuration
@EnableSwagger2
public class Swagger2Configuration {
@Bean
public Docket createRestApi() {
return new Docket(DocumentationType.SWAGGER_2)
.apiInfo(apiInfo())
.select()
.apis(RequestHandlerSelectors.basePackage("com.jjmy.qingmu"))
.paths(PathSelectors.any())
.build();
}
private ApiInfo apiInfo() {
return new ApiInfoBuilder()
.title("Qingmu Mall")
.description("Qingmu Mall API document")
// .termsOfServiceUrl("/")
.version("1.0") .build(); }}Copy the code
- The @enableswagger2 annotation scans the Controller layer APIS
- Swagger specific how to use in the Api can refer to this blog www.cnblogs.com/jstarseven/…
The SpringSecurity configuration permits the Swagger path as follows
/** * Ignore the intercepting URL or static resource folder - web.ignoring(): the URL will be filtered directly - it will not pass through the Spring Security filter chain * http.permitall (): Springsecurity authentication is not circumvented, * * @param web * @throws Exception */ @override public void configure(WebSecurity Web) throws Exception { // Swagger Web.Ignoring ().antmatchers (httpmethod.get, httpmethod.get)"/v2/api-docs"."/swagger-resources"."/swagger-resources/**"."/configuration/ui"."/configuration/security"."/swagger-ui.html/**"."/webjars/**");
}
Copy the code
The SpringSecurity intercept path is as follows
@Override protected void configure(HttpSecurity http) throws Exception { http.cors().and().csrf().disable() .authorizerequests () // Everything else is allowed. AnyRequest ().permitAll().and().addFilter(new) JWTAuthenticationFilter(authenticationManager())) .addFilter(new JWTAuthorizationFilter(authenticationManager())) // Don't need the session. SessionManagement (.) sessionCreationPolicy (sessionCreationPolicy. STATELESS). And () .exceptionHandling().authenticationEntryPoint(new JWTAuthenticationEntryPoint()) .accessDeniedHandler(new JWTAccessDeniedHandler()); / / add the right to limit processing ExpressionUrlAuthorizationConfigurer < HttpSecurity >. ExpressionInterceptUrlRegistry registry = http.antMatcher("/ * *").authorizeRequests(); / / not login authentication exception HTTP. ExceptionHandling () authenticationEntryPoint (new JWTAuthenticationEntryPoint ()); Http.exceptionhandling ().AccessdeniedHandler (new JWTAccessDeniedHandler()); / / url access authentication processing registry. WithObjectPostProcessor (new ObjectPostProcessor < FilterSecurityInterceptor > () {@ Override public < O extends FilterSecurityInterceptor> O postProcess(O o) { o.setSecurityMetadataSource(urlFilterInvocationSecurityMetadataSource); // o.setAccessDecisionManager(urlAccessDecisionManager);returno; }}); }Copy the code