我正试图让 Swagger 支持我们的基本身份验证。它应该提示输入用户名/密码才能查看。目前我已经写了这样的
filterChain@Configuration
@EnableWebSecurity
class SecurityConfig {
@Value("\${spring.security.user.name}")
private val userName: String? = null
@Value("\${spring.user.password}")
private val password: String? = null
@Value("\${server.servlet.context-path}")
private val contextPath: String? = null
@Autowired
lateinit var schoolAuthenticationEntryPoint: SchoolAuthenticationEntryPoint
@Bean
fun passwordEncoder(): PasswordEncoder {
return SchoolPasswordDelegation().createDelegatingPasswordEncoder()
}
@Bean
@Throws(Exception::class)
fun userDetailsService(): InMemoryUserDetailsManager? {
val userDetails : UserDetails = User.withUsername(userName).password(passwordEncoder().encode(password)).roles("USER").build()
return InMemoryUserDetailsManager(userDetails)
}
@Throws(Exception::class)
@Bean
fun filterChain(httpSecurity : HttpSecurity) : SecurityFilterChain {
httpSecurity.csrf().disable()
httpSecurity.authorizeRequests {
authorize -> authorize
.antMatchers("/class/**").hasRole("USER")
.antMatchers("/students/**").hasRole("USER")
.antMatchers("/results/**").hasRole("USER")
.antMatchers("/v3/**", "/swagger-ui.html", "/swagger-ui/**").hasRole("USER")
.and().httpBasic()
}.exceptionHandling().authenticationEntryPoint(schoolAuthenticationEntryPoint)
return httpSecurity.build()
}
}
但是当我尝试使用
https://localhost:8443/school/swagger-ui/index.html{“错误”:{“消息”:[“用户无权访问系统。”]}}
你能告诉我我做错了什么吗?我怀疑这与
hasRole()我正在使用 SpringDoc 版本 1.6.15
<!-- https://mvnrepository.com/artifact/org.springdoc/springdoc-openapi-security -->
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-security</artifactId>
<version>1.6.15</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springdoc/springdoc-openapi-ui -->
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>1.6.15</version>
</dependency>