I followed instruction for setup the swagger in my back-end spring boot application.
Here is my configure method from WebSecurityConfig which should by idea allow me to access swagger ui.
protected void configure(HttpSecurity http) throws Exception {
.antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources", "/configuration/security", "/swagger-ui.html", "/webjars/**","/swagger-resources/configuration/ui","/swagger-ui.html").permitAll()
http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
AuthEntryPointJwt class
public class AuthEntryPointJwt implements AuthenticationEntryPoint {
private static final Logger logger = LoggerFactory.getLogger(AuthEntryPointJwt.class);
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
logger.error("Unauthorized error: {}", authException.getMessage());
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Error: Unauthorized");
And finally the logs and you see ERROR when accesing page http://localhost:8080/spring-security-rest/api/v2/api-docs
2022-10-13 09:59:03.379 INFO 4108 --- [ main] fr.veryski.veryski.VeryskiApplication : Starting VeryskiApplication using Java 16.0.2 on fnyve with PID 4108 (C:\Users\qwert\OneDrive\BUREAU\Veryski\veryski\target\classes started by qwert in C:\Users\qwert\OneDrive\BUREAU\Veryski\veryski)
2022-10-13 09:59:03.381 INFO 4108 --- [ main] fr.veryski.veryski.VeryskiApplication : The following profiles are active: dev
2022-10-13 09:59:05.199 INFO 4108 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean '' of type [] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2022-10-13 09:59:05.206 INFO 4108 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'methodSecurityMetadataSource' of type [] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2022-10-13 09:59:05.464 INFO 4108 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2022-10-13 09:59:05.473 INFO 4108 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2022-10-13 09:59:05.473 INFO 4108 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.44]
2022-10-13 09:59:05.601 INFO 4108 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2022-10-13 09:59:05.601 INFO 4108 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 2165 ms
2022-10-13 09:59:05.786 INFO 4108 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
2022-10-13 09:59:05.887 INFO 4108 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
2022-10-13 09:59:08.702 INFO 4108 --- [ main] l.lockservice.StandardLockService : Successfully acquired change log lock
2022-10-13 09:59:09.074 INFO 4108 --- [ main] l.c.StandardChangeLogHistoryService : Reading from public.databasechangelog
2022-10-13 09:59:09.136 INFO 4108 --- [ main] l.lockservice.StandardLockService : Successfully released change log lock
2022-10-13 09:59:10.795 INFO 4108 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure Mvc [pattern='/v2/api-docs'] with []
2022-10-13 09:59:10.795 INFO 4108 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure Mvc [pattern='/configuration/ui'] with []
2022-10-13 09:59:10.795 INFO 4108 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure Mvc [pattern='/swagger-resources/**'] with []
2022-10-13 09:59:10.795 INFO 4108 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure Mvc [pattern='/configuration/security'] with []
2022-10-13 09:59:10.795 INFO 4108 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure Mvc [pattern='/swagger-ui.html'] with []
2022-10-13 09:59:10.795 INFO 4108 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure Mvc [pattern='/webjars/**'] with []
2022-10-13 09:59:10.824 INFO 4108 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [,,, org.springframework.web.filter.CorsFilter@52a3a9ef,, fr.veryski.veryski.config.AuthTokenFilter@26107e6d,,,,,,]
2022-10-13 09:59:10.931 INFO 4108 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2022-10-13 09:59:11.134 INFO 4108 --- [ main] o.s.s.c.ThreadPoolTaskScheduler : Initializing ExecutorService 'taskScheduler'
2022-10-13 09:59:11.240 INFO 4108 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2022-10-13 09:59:12.061 INFO 4108 --- [ main] fr.veryski.veryski.VeryskiApplication : Started VeryskiApplication in 9.455 seconds (JVM running for 10.485)
2022-10-13 10:00:49.961 INFO 4108 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-10-13 10:00:49.962 INFO 4108 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2022-10-13 10:00:49.966 INFO 4108 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 4 ms
2022-10-13 10:00:50.019 ERROR 4108 --- [nio-8080-exec-1] f.v.veryski.config.AuthEntryPointJwt : Unauthorized error: Full authentication is required to access this resource
2022-10-13 10:00:50.339 ERROR 4108 --- [nio-8080-exec-2] f.v.veryski.config.AuthEntryPointJwt : Unauthorized error: Full authentication is required to access this resource
What is wrong it tells me Will secure MVC [pattern='/v2/api-docs']
Remove it from HTTP Security config and add it as a WebSecurity:
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/v3/api-docs/**", "/swagger-ui.html", "/swagger-ui/**");
