I have a Java Spring Boot Maven project where I want to have some sort of automatic client code generator that'll create my client-side code. I first have to use OpenAPI/Swagger to document my API, generate the JSON of this information and then generate the client-side code. The issue is I implemented JWT using version 0.12.3 of jjwt, and every time I try to access any Swagger endpoint (e.g. http://localhost:9090/auto-pass/v3/api-docs) a 403 status code gets thrown and I have absolutely no idea why (btw my context path is auto-pass).
I first tried every different Swagger and OpenAPI dependency and settled with these:

    <dependency>
        <groupId>org.springdoc</groupId>
        <artifactId>springdoc-openapi-starter-webmvc-api</artifactId>
        <version>2.3.0</version>
    </dependency>
    <dependency>
        <groupId>org.springdoc</groupId>
        <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
        <version>2.3.0</version>
    </dependency>
I then tried to tweak my security configs a whole bunch to try to ignore the endpoints I'm accessing:

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .csrf(AbstractHttpConfigurer::disable)
            .cors(AbstractHttpConfigurer::disable)
            .sessionManagement(session -> session
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(authorize -> authorize
                .requestMatchers(HttpMethod.POST, "/api/signup", "/api/login").permitAll()
                .requestMatchers("/auto-pass/v3/api-docs", "/auto-pass/v2/api-docs",
                    "/auto-pass/swagger-resources/**", "/auto-pass/**",
                    "/auto-pass/swagger-ui.html", "/auto-pass/v3/api-docs/**",
                    "/auto-pass/api-docs/**", "/auto-pass/api-docs",
                    "/auto-pass/index.html", "/swagger-ui.html", "/v2/api-docs",
                    "/webjars/**").permitAll()
                .anyRequest().authenticated()
            )
            .authenticationProvider(authenticationProvider())
            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
I thought maybe just adding a bunch of these endpoints I found all over Stack Overflow would work, but nothing ever resolved my problem.
I also thought about possibly needing a Swagger config class, but most documentation online on OpenAPI stated that anything other than putting the Maven dependency is only optional and that the Swagger UI HTML page should still be shown.
Also, I was messing with OpenAPI codegen plugins earlier and I get this warning; not sure if it has to do with the Swagger UI HTML page generation, but I thought it'd be of use:
2024-01-01T16:02:58.778-05:00 WARN 37572 --- [ main] o.s.b.a.m.MustacheAutoConfiguration : Cannot find template location: classpath:/templates/ (please add some templates, check your Mustache configuration, or set spring.mustache.check-template-location=false)
This is run when running the Maven command, verify -f pom.xml
I'm at a point where I don't exactly know where to go. A little earlier today, the http://localhost:9090/auto-pass/v3/api-docs URL for accessing the JSON file for the docs was accessible, but the Swagger UI never was. I'm also having a hard time finding quality docs, as a lot of Java libraries are deprecated for newer undocumented ones (or at least less documented).
Thanks a lot for the help and happy new year :)
Try to call the API using Postman; if it works, then it's a problem of your Spring Security configuration, not Swagger. If it works on Postman but not on Swagger, compare the cURL of both requests; there must be something which is missing in the Swagger request. Most probably the JWT token you are passing isn't being passed on to the API correctly.
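
The Spring Security side of this, as an added example that is not part of the original posts: request matcher patterns are evaluated relative to the context path, so the configuration below omits /auto-pass and permits only springdoc's default documentation paths instead of a catch-all. The package, class name, and the jwtAuthenticationFilter bean name are assumptions taken from the names used in the question.

```java
// Added example, not the poster's code. Assumes Spring Boot 3.x / Spring Security 6,
// server.servlet.context-path=/auto-pass, and springdoc 2.x default paths.
package com.example.autopass; // hypothetical package

import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

@Configuration
public class ApiDocsSecurityConfig { // hypothetical class name

    // Patterns are matched against the path inside the application, so the
    // "/auto-pass" prefix is left out. Only the docs endpoints are opened;
    // a pattern such as "/**" would expose every route without authentication.
    private static final String[] DOCS_PATHS = {
        "/v3/api-docs", "/v3/api-docs/**", "/swagger-ui.html", "/swagger-ui/**"
    };

    @Bean
    public SecurityFilterChain securityFilterChain(
            HttpSecurity http,
            AuthenticationProvider authenticationProvider,
            // Assumed bean name for the JWT filter shown in the question.
            @Qualifier("jwtAuthenticationFilter") OncePerRequestFilter jwtFilter)
            throws Exception {
        http
            .csrf(AbstractHttpConfigurer::disable)
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(HttpMethod.POST, "/api/signup", "/api/login").permitAll()
                .requestMatchers(HttpMethod.GET, DOCS_PATHS).permitAll()
                .anyRequest().authenticated())
            .authenticationProvider(authenticationProvider)
            // permitAll() does not bypass this filter: it has to pass requests with
            // no Authorization header down the chain rather than reject them itself.
            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```

Where the documentation should not be reachable in production, the springdoc.api-docs.enabled and springdoc.swagger-ui.enabled properties can be set to false for that profile instead of relying on the matcher list.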