SpringBoot集成Swagger使用SpringSecurity控制访问权限

1.加入swagger依赖

 		 <dependency>
            <groupId>io.springfoxgroupId>
            <artifactId>springfox-swagger2artifactId>
            <version>2.7.0version>
        dependency>
        <dependency>
            <groupId>io.springfoxgroupId>
            <artifactId>springfox-swagger-uiartifactId>
            <version>2.7.0version>
        dependency>

2.编写swagger配置类

@Configuration //声明该类为配置类
@EnableSwagger2 //声明启动Swagger2
public class SwaggerConfig{
    @Bean
    public Docket customDocket() {
        return new Docket(DocumentationType.SWAGGER_2)
                .apiInfo(apiInfo())
                .select()
                .apis(RequestHandlerSelectors.basePackage("com.hu.oneclick.controller"))//扫描的包路径
                .build();
    }
 
    private ApiInfo apiInfo() {
        return new ApiInfoBuilder()
                .title("oneclick")//文档说明
                .version("1.0.0")//文档版本说明
                .build();
    }
}

3.编写SpringSecurity配置类

放开swagger访问资源界面

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login").anonymous()
                .antMatchers("/user/register").anonymous()
                .antMatchers("/user/sendEmailCode").anonymous()
                .antMatchers("/user/sendEmailRegisterCode").anonymous()
                .antMatchers("/swagger-ui.html").anonymous()
                .antMatchers("/v2/**").anonymous()
                .antMatchers("/swagger-resources/**").anonymous()
                .antMatchers("/webjars/springfox-swagger-ui").anonymous()
                .antMatchers("/webjars/springfox-swagger-ui/**").anonymous()
                .anyRequest().authenticated()
                .and()
                .csrf().disable()
                .formLogin().disable()
                .sessionManagement().disable()
                .cors()
                .and()
                .headers().addHeaderWriter(new StaticHeadersWriter(Arrays.asList(
                new Header("Access-Control-Allow-Origin", "*"),
                new Header("Access-Control-Expose-Headers", "Authorization"))))
                .and()
                .addFilterAfter(new OptionsRequestFilter(), CorsFilter.class)
                .apply(new JsonLoginConfigurer<>()).loginSuccessHandler(jsonLoginSuccessHandler)
                .and()
                .apply(new JwtLoginConfigurer<>()).tokenValidSuccessHandler(jwtRefreshSuccessHandler)
                //设置无权限接口
                .permissiveRequestUrls("/login","/user/register","/user/sendEmailCode",
                        "/user/sendEmailRegisterCode","/swagger-ui.html","/swagger-resources/**",
                        "/v2/**","/webjars/springfox-swagger-ui/**","/webjars/springfox-swagger-ui")
                .and()
                .logout()
                .logoutUrl("/logout")
                .addLogoutHandler(tokenClearLogoutHandler)
                .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
                .and()
                .sessionManagement().disable();
    }

4.启动项目访问swagger地址

http://localhost:8081/swagger-ui.html

即可跳过springsecurity访问swagger

相关

标签