Documentacion api swagger-ui error 403 No he encotrado una solución para este inconveniente, no se si será por compatibilidad de las dependencias. Podria alguien darme una idea de donde se esta producciendo el bloqueo de la url y no deja que funcione
la url /v3/api-docs si funciona.
org.springframework.boot spring-boot-starter-parent 3.3.0
org.springdoc springdoc-openapi-starter-webmvc-ui 2.5.0 -> si utilizo la version 2.7 el java lanza una exception.Clases que pueden estar involucradas
@Configuration @EnableWebSecurity public class SegurityConfiguration {
private final SegurityFilter segurityFilter;
@Autowired
public SegurityConfiguration(SegurityFilter segurityFilter) {
this.segurityFilter = segurityFilter;
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http.csrf(AbstractHttpConfigurer::disable) // Deshabilita CSRF
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // Modo sin estado
.authorizeHttpRequests(auth -> auth
.requestMatchers(HttpMethod.POST, "/login").permitAll() // Permitir POST en /login
.requestMatchers("/v3/api-docs/**",
"/swagger-ui.html",
"/swagger-ui/**",
"/swagger-resources/**",
"/webjars/**").permitAll()
.anyRequest()
.authenticated() // Cualquier otra solicitud debe estar autenticada
)
.addFilterBefore(segurityFilter, UsernamePasswordAuthenticationFilter.class)
.build(); // Construir el SecurityFilterChain
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
@Component public class SegurityFilter extends OncePerRequestFilter {
private final TokenService tokenService;
private final UserService userService;
@Autowired
public SegurityFilter(TokenService tokenService, UserService userService) {
this.tokenService = tokenService;
this.userService = userService;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
var authHeader = request.getHeader("Authorization");
if(authHeader != null) {
var token = authHeader.replace("Bearer ", "");
var subject = tokenService.getSubject(token);
if(subject != null) {
var user = userService.findByEmail(subject);
//Validar que el usuario existe
var authentication = new UsernamePasswordAuthenticationToken(
user,
null,
user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
filterChain.doFilter(request, response);
}
}