When trying to upgrade my spring boot project from 2.5.6 to 3.2.5 swagger UI stops working. In version 2.5.6, I do not have spring security nor security config. I have only SwaggerConfig :
@Configuration
public class SwaggerConfig {
@Value("${spring.application.name}")
private String applicationId;
@Value("${spring.application.description}")
private String description;
@Value("${spring.application.version}")
private String version;
@Value("${app.env}")
private String env;
@Bean
public OpenAPI openAPI() {
return new OpenAPI()
.info(apiInfo())
.components(new Components());
}
private Info apiInfo(){
Info info= new Info();
info.setTitle(env + " - " + applicationId);
info.setDescription(description);
info.version(version);
return info;
}
}
Is it necessary to add spring security after upgrading to spring boot 3.2.5, or should i change my SwaggerConfig? Or is the problem somewhere else?
Thank you very much and have a good day.
thank you very much for your answer. Indeed, adding springdoc-openapi-starter-webmvc-ui was part of the solution. However, even after that, I had a login interface to access Swagger-UI.
In order to fix that and have direct access to swagger I added a security config :
@Configuration
@RequiredArgsConstructor
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true)
public class SecurityConfig {
@Bean
CorsConfigurationSource corsConfigurationSource() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();
corsConfiguration.setAllowedMethods(httpMethods());
source.registerCorsConfiguration("/**", corsConfiguration);
return source;
}
private static List<String> httpMethods() {
return List.of(HEAD.name(), GET.name(), POST.name(), PUT.name(), PATCH.name(), DELETE.name(), OPTIONS.name(), TRACE.name());
}
@Bean
protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.cors(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.exceptionHandling(Customizer.withDefaults())
.sessionManagement(session -> session
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
)
.authorizeHttpRequests(authz -> authz
.anyRequest().permitAll()
);
return http.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
adding a security config with Spring boot 3 requires following Maven dependencies :
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity6</artifactId>
<version>3.1.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>${project.parent.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>6.2.4</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>6.2.4</version>
</dependency>