使用 Spring Security 6 保护 Swagger 端点

问题描述 投票:0回答:0

我一直坚持使用新的 spring security 6 为我的网关微服务保护我的 swagger 端点,我已经检查了很多解决方案但没有一个有效,我打算保护以下端点:“/webjars/swagger-ui/ "、"/swagger-ui/" 和 "/swagger-ui.html";我想在内存存储中保存用户详细信息以在春季访问这些端点,但不幸的是,它一直在我的日志中给我这个自动生成的密码供我使用,我尝试使用 @SpringBootApplication 注释的排除属性,但仍然无法正常工作,以下是我的代码,请以任何方式提供帮助,谢谢

网关 pom.xml

<dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-gateway</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-config</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>io.micrometer</groupId>
            <artifactId>micrometer-registry-prometheus</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-starter-webflux-api</artifactId>
            <version>2.0.2</version>
        </dependency>
        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-starter-webflux-ui</artifactId>
            <version>2.0.2</version>
        </dependency>

我的安全配置类

@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
    @Bean
    public SecurityWebFilterChain filterChain(ServerHttpSecurity httpSecurity) throws Exception {
        return httpSecurity.csrf().disable()
                .authorizeExchange()
                .pathMatchers("/api/**")
                .permitAll()
                .and()
                .authorizeExchange()
                .pathMatchers("/webjars/swagger-ui/**", "/swagger-ui/**", "/swagger-ui.html")
                .authenticated().and().httpBasic().and().build();
    }

    @Bean
    public UserDetailsService users() {
        UserDetails user = User.builder()
                .username("user1")
                .password(passwordEncoder().encode("password"))
                .roles("USER")
                .build();
        System.out.println(user.getPassword());
        return new InMemoryUserDetailsManager(user);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

我的 ApiGateway 应用类

@SpringBootApplication
public class ApiGatewayApplication {

    public static void main(String[] args) {
        SpringApplication.run(ApiGatewayApplication.class, args);
    }
}
spring-boot spring-security swagger api-gateway springdoc
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.