Hi experts,
am facing an issue in my application. i have enabled oauth for my spring
boot project ( rest service). i have created a rest client to access the
oauth enabled api.
when i load my swaggerui ( 2.5 version)
{
"error": "unauthorized",
"error_description": "Full authentication is required to access this
resource"
}
if i hit the end point via post man it works. because post man is a nice
tool where i can enter bearer token and invoke the service.
in swagger configuration java file we should have an option.
@Override
public void configure(HttpSecurity http) throws Exception
{
http.csrf().disable().antMatcher("/**") // this will apply to the
entire
// web server
.authorizeRequests()
.antMatchers("/v2/api-docs", "/configuration/ui",
"/swagger-resources", "/configuration/security",
"/swagger-ui.html", "/webjars/**",
"/swagger-resources/configuration/ui", "/swagger-ui.html",
"/swagger-resources/configuration/security")
.permitAll()
.antMatchers("/**").access("#oauth2.hasScope('ownresource.read')"); <!--
tried this -->
.anyRequest().hasAuthority("ownresource.read"); <!-- tried this one too
with out the above line -->
}
Please guide me with the right configuration which will enable me to access
the application through swagger UI as well. we test our application via
swagger most of the times.
if there is a way to externalize the client id , client secret , token url
and use it the above configuration, it will be really great. kind of little
urgent. any help us much appreciated.
--
You received this message because you are subscribed to the Google Groups
"Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
