Login/Register
Swagger UI empty and gives 403
Asked Answered
Solved spring-bootswagger-uiswagger-2.0
B

4

4

I'm using spring boot and I've added swagger to my dependencies:

<dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger2</artifactId>
        <version>2.8.0</version>
    </dependency>
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger-ui</artifactId>
        <version>2.8.0</version>
    </dependency>

My configuration:

@Configuration
@EnableSwagger2
public class SwaggerConfiguration {
    @Bean
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.any())
                .paths(PathSelectors.any())
                .build();
    }
}

When I go this url:

http://localhost:8080/v2/api-docs it works and I get the json back.

The swagger ui http://localhost:8080/swagger-ui.html

Is just an empty page now when I inspect the network tab in chrome I see this:

Failed to load resource: the server responded with a status of 403 ()
swagger-ui-standalone-preset.js Failed to load resource: the server responded with a status of 403 ()
swagger-ui.css Failed to load resource: the server responded with a status of 403 ()
springfox.js Failed to load resource: the server responded with a status of 403 ()
swagger-ui-bundle.js Failed to load resource: the server responded with a status of 403 ()
swagger-ui-standalone-preset.js Failed to load resource: the server responded with a status of 403 ()
springfox.js Failed to load resource: the server responded with a status of 403 ()
webjars/springfox-swagger-ui/favicon-32x32.png?v=2.8.0-SNAPSHOT Failed to load resource: the server responded with a status of 403 ()
webjars/springfox-swagger-ui/favicon-16x16.png?v=2.8.0-SNAPSHOT Failed to load resource: the server responded with a status of 403 ()
springfox.css Failed to load resource: the server responded with a status of 403 ()
swagger-ui.css Failed to load resource: the server responded with a status of 403 ()

I'm using spring boot security and I added this to my security configuration:

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/v2/api-docs/**");
    web.ignoring().antMatchers("/swagger.json");
    web.ignoring().antMatchers("/swagger-ui.html");
}

Can somebody help me?

Baum answered 1/2, 2018 at 16:52 Comment(2)
Shouldn't the swagger link be http://localhost:8080/v2/api-docs/swagger-ui.html?Kirschner
On that link I get a 404Baum
T
10

Try adding the following resources in the ignored list,

  • /swagger-resources/**
  • /webjars/**

Here is the complete example,

@Override
public void configure(WebSecurity web) throws Exception {    
    web.ignoring().antMatchers("/v2/api-docs/**");
    web.ignoring().antMatchers("/swagger.json");
    web.ignoring().antMatchers("/swagger-ui.html");
    web.ignoring().antMatchers("/swagger-resources/**");
    web.ignoring().antMatchers("/webjars/**");
}
Tourney answered 1/2, 2018 at 19:1 Comment(5)
Thank you so much!Baum
@Indra Basak : thanks muchly! I have a follow up question. Is there a security risk allowing the webjars to be visible?Wilhelmina
@Wilhelmina WebJars are just client-side dependencies packaged as JAR files. It usually contains all Javascript, HTML, CSS files, etc. If you don't add them to the ignore list, Swagger resources will not be available on the client (browser) side.Tourney
I think @Wilhelmina is right. We need to protect the resources served by Swagger. I am able to secure /swagger-ui/ end point but I am now getting 403 on other resources.Genie
@chaitanyaguruprasad You can use basic authentication with swagger to protect your endpoints but resources need to be available to render the swagger landing page.Tourney
P
6

You have to explicit ignore all your required static resources for swagger in your Spring Security Configuration. The error message you get from the network tab indicates that the browser is able to load the swagger-ui.html file but is unable to load the related .js/.css/images/iconsbecause they are not ignored in your Security Configuration.

Try this solution:

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources", "/configuration/security", "/swagger-ui.html", "/webjars/**");
    }

}

Related stackoverflow post: How to configure Spring Security to allow Swagger URL to be accessed without authentication

Pasquil answered 1/2, 2018 at 18:59 Comment(1)
If the error persists you should extends WebMvcConfigurationSupport in the Swagger config and override addResourceHandler as below: @Override protected void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("swagger-ui.html") .addResourceLocations("classpath:/META-INF/resources/"); registry.addResourceHandler("/webjars/**") .addResourceLocations("classpath:/META-INF/resources/webjars/"); }Twiddle
T
0

What I was missing was extending the WebMvcConfigurationSupport in the Swagger config and Overriding the addResourceHandlers method as below:

@Configuration
@EnableSwagger2
public class SwaggerConfig extends WebMvcConfigurationSupport{

    @Bean
    public Docket api() {

    }

    private ApiInfo metadata() {
    }

    @Override
    protected void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("swagger-ui.html")
                .addResourceLocations("classpath:/META-INF/resources/");

        registry.addResourceHandler("/webjars/**")
                .addResourceLocations("classpath:/META-INF/resources/webjars/");
    }

}
Twiddle answered 25/8, 2018 at 13:59 Comment(0)
R
0

@joebala answer worked for me too. But if you want implements instead of extends, you can use WebMvcConfigurer interface:

public class SwaggerConfig implements WebMvcConfigurer {

   @Override
   public void addResourceHandlers(ResourceHandlerRegistry registry) {

       registry
            .addResourceHandler("swagger-ui.html")
            .addResourceLocations("classpath:/META-INF/resources/");

       registry
            .addResourceHandler("/webjars/**")
            .addResourceLocations("classpath:/META-INF/resources/webjars/");
   }

// your other configuration
}
Ribbing answered 5/6, 2021 at 12:8 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.