如何允许swagger ui忽略安全过滤器

5w9g7ksd 于 2021-10-10 发布在 Java

关注(0)|答案(0)|浏览(396)

我正在开发一个RESTAPI服务。所有api请求都必须经过身份验证（用户由jwt令牌授权）。但我想让 swagger 的用户界面忽略这个规则
以下是我的配置：

@Configuration
    public static class JwtConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        JwtTokenProvider jwtTokenProvider;

        @Override
        public void configure(WebSecurity web) throws Exception {
            web
                .ignoring()
                .antMatchers("/swagger-ui/**");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
            .antMatcher("/api/**").cors()
            .and()
            .csrf().disable()
            .authorizeRequests().antMatchers("/api/**").authenticated()
            .and()
            .apply(new JwtConfigurer(jwtTokenProvider));
        }

}

public class JwtConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
    private JwtTokenProvider jwtTokenProvider;

    public JwtConfigurer(JwtTokenProvider jwtTokenProvider) {
        this.jwtTokenProvider = jwtTokenProvider;
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        JwtTokenFilter customFilter = new JwtTokenFilter(jwtTokenProvider);
        http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
    }
}

public class JwtTokenFilter extends GenericFilterBean {
    private JwtTokenProvider jwtTokenProvider;

    public JwtTokenFilter(JwtTokenProvider jwtTokenProvider) {
        this.jwtTokenProvider = jwtTokenProvider;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
                throws IOException, ServletException {
            String token = jwtTokenProvider.resolveToken((HttpServletRequest) req);

            if (token != null && jwtTokenProvider.validateToken(token)) {
                Optional<Authentication> authentication = jwtTokenProvider.getAuthentication(token);
                if(authentication.isPresent()) {
                    SecurityContextHolder.getContext().setAuthentication(authentication.get());
                    filterChain.doFilter(req, res);
                } else {
                    responseForbidden(res);
                }
            } else {
                responseForbidden(res);
            }
      }

      private void responseForbidden(ServletResponse res) throws IOException {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN, "The token is not valid.");
      }
}

现在，所有请求都由 JwtConfigurer . 我做错了什么？

Java spring-boot spring-security JWT

来源：https://stackoverflow.com/questions/67822852/how-to-allow-swagger-ui-to-ignore-the-security-filter