Repository: incubator-geode Updated Branches: refs/heads/develop 3ff33be20 -> c4e3b1553
GEODE-1983: Swagger is broken with integrated security * this closes #273 Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/c4e3b155 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/c4e3b155 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/c4e3b155 Branch: refs/heads/develop Commit: c4e3b155351e37f9d9354d837f5b588a5f236bce Parents: 3ff33be Author: Kevin Duling <[email protected]> Authored: Wed Oct 26 12:36:46 2016 -0700 Committer: Jinmei Liao <[email protected]> Committed: Fri Oct 28 08:36:42 2016 -0700 ---------------------------------------------------------------------- .../geode/rest/internal/web/SwaggerVerificationTest.java | 3 +++ .../internal/web/security/RestSecurityConfiguration.java | 11 ++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c4e3b155/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java ---------------------------------------------------------------------- diff --git a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java index 55cc26e..b550e11 100644 --- a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java +++ b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java @@ -17,12 +17,14 @@ package org.apache.geode.rest.internal.web; import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_BIND_ADDRESS; import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_PORT; +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.apache.geode.distributed.ConfigurationProperties.START_DEV_REST_API; import static org.hamcrest.CoreMatchers.is; import static org.junit.Assert.assertThat; import org.apache.geode.internal.AvailablePortHelper; import org.apache.geode.internal.i18n.LocalizedStrings; +import org.apache.geode.security.templates.SimpleSecurityManager; import org.apache.geode.test.dunit.rules.ServerStarter; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.http.HttpResponse; @@ -42,6 +44,7 @@ public class SwaggerVerificationTest { static Properties properties = new Properties() { { setProperty(START_DEV_REST_API, "true"); + setProperty(SECURITY_MANAGER, SimpleSecurityManager.class.getName()); setProperty(HTTP_SERVICE_BIND_ADDRESS, "localhost"); setProperty(HTTP_SERVICE_PORT, restPort + ""); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c4e3b155/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java ---------------------------------------------------------------------- diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java index b9b9477..3aa5622 100644 --- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java +++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java @@ -15,6 +15,8 @@ */ package org.apache.geode.rest.internal.web.security; +import org.apache.geode.internal.security.IntegratedSecurityService; +import org.apache.geode.internal.security.SecurityService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; @@ -27,9 +29,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; -import org.apache.geode.internal.security.IntegratedSecurityService; -import org.apache.geode.internal.security.SecurityService; - @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) @@ -54,8 +53,10 @@ public class RestSecurityConfiguration extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() - .authorizeRequests().antMatchers("/ping", "/api-docs/**", "/docs/**").permitAll() - .anyRequest().authenticated().and().formLogin().and().csrf().disable(); + .authorizeRequests() + .antMatchers("/ping", "/docs/**", "/swagger-ui.html", "/v2/api-docs/**", + "/webjars/springfox-swagger-ui/**", "/swagger-resources/**") + .permitAll().anyRequest().authenticated().and().formLogin().and().csrf().disable(); if (securityService.isIntegratedSecurity()) { http.httpBasic();
