Im trying to configure Spring security to block only request to swagger, however it is blocking all urls. Does anyone know how to only lock the swagger's url and leave all the rest not secured?
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests().anyRequest().permitAll()
.and()
.authorizeRequests()
.antMatchers("/swagger*/**").authenticated();
http.httpBasic();
}
Try the following:
http.authorizeRequests()
.antMatchers("/swagger*/**").authenticated()
.anyRequest().permitAll()
.and()
.csrf().disable();
This should only authenticate swagger but permit the rest of the requests.