I have implemented Authorization Server microservice (auth-service) with oauth2 and OpenId standards for authentication and authorization using new spring boot security version 3.2. Also I have implemented another microservice (api-service) for Resource Server with Swagger v3. All protected resources is present in this microservice. To access these protected resources from Resource Server (api-service) i am using access-token (JWT) which is generated from the auth-service. The problem is I have excluded the swagger related endpoints from security still i am getting Unauthorized response and swagger ui is not loading at all. If anyone know how to solve this please let me know. I have tried multiple things but its not working.
Following is my Yaml and resource server configuration
YAML CONFIGURATION:
logging: level: root: INFO org.springframework.web: DEBUG org.springframework.security: DEBUG org.springframework.security.oauth2: DEBUG
spring: security: oauth2: resourceserver: jwt: issuer-uri: http://localhost:8089 jwk-set-uri: http://localhost:8089/oauth2/jwks
RESOURCE SERVER CONFIGURATION:
@Value("${server.servlet.context-path}")
private String contextPath;
/**
* Publicly accessible urls i.e., not secured url, auth service will ignore this URLs
*
* @return String[] of urls
*/
private String[] publicAPI() {
return Stream.of(
"/css/**",
"/api-docs/**",
"/swagger-ui/**",
"/configuration/ui",
"/swagger-resources/**",
"/configuration/security",
"/swagger-ui.html",
"/webjars/**",
"/v3/api-docs",
"/swagger-resources/**",
"/*/swagger-resources/**",
"/*/v3/api-docs"
).toArray(String[]::new);
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf(csrf -> csrf
.ignoringRequestMatchers(publicAPI())
).authorizeHttpRequests(authorize -> authorize
.requestMatchers(publicAPI()).permitAll()
).oauth2ResourceServer(resourceServer ->
resourceServer.jwt(Customizer.withDefaults())
);
return http.build();
}
Thank you.