spring - 避免在 SecurityConfigurer 适配器中调用 swagger URL - Spring boot security

问题描述

我的整个配置看起来像这样，已尝试使用过滤器进行以下配置，但无法忽略总是发生的 swagger auth。如何避免

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SeqConfiguration extends WebSecurityConfigurerAdapter {

private final SampleConfigurer sampleConfigurer;

  @Autowired
  public SecurityConfiguration(SampleConfigurer sampleConfigurer) {
    this.sampleConfigurer= sampleConfigurer;
  }

@Bean
  @Override
  public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
  }

@Override
  public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/api-docs/", "/swagger-ui/**");
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests()
        .anyRequest().authenticated().and().apply(sampleConfigurer);
  }

}



@Component
public class SampleConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {

    private final SampleTokenFilter sampleTokenFilter;

    public SampleConfigurer(SampleTokenFilter sampleTokenFilter) {
        this.sampleTokenFilter= sampleTokenFilter;
    }

    @Override
    public void configure(HttpSecurity builder) throws Exception {
        builder.addFilterBefore(sampleTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }
}


@Component
public class SampleTokenFilter extends OncePerRequestFilter { 

@Override
  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
      FilterChain filterChain) throws ServletException, IOException {
... this is getting called even for swagger.... How to avoid this.

}

}

问题：

1. SampleTokenFilter dofilter 方法甚至被调用 swagger ui url
2. 如何仅为招摇**跳过过滤器身份验证？

标签： springspring-bootspring-securityswagger-ui