i have secured few of the endpoints in spring boot application with oauth2 mechanism, actuator endpoints with basic authentication(via application.properties and the credentials are generated and are set as environment variables) and i want to secure swagger ui endpoints with basic authentication but with different credentials when compared to that of actuator endpoints. how do i do it?
i have tried it using the below code
package com.sap.icd.bs.bcm.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
@Configuration
@EnableWebSecurity
@EnableResourceServer
public class SwaggerSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().antMatchers("/swagger-ui.html", "/v*/api-docs",
"/swagger-resources/**", "/webjars/springfox-swagger-ui/**").authenticated().and().httpBasic();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
}
and when i run the application, actuator endpoints cannot be accessed and swagger ui becomes secured...so the thing is only either of them(actuator or swagger endpoints) are working . i need both of them with different credentials
Comments
Post a Comment