fix-swagger-openapi (#307)

InseeFrLab · Dec 5, 2023 · daa7416 · daa7416
1 parent 395330a
commit daa7416
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 29 deletions.
diff --git a/onyxia-api/pom.xml b/onyxia-api/pom.xml
@@ -47,8 +47,8 @@
         </dependency>
         <dependency>
             <groupId>org.springdoc</groupId>
-            <artifactId>springdoc-openapi-ui</artifactId>
-            <version>1.7.0</version>
+            <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+            <version>2.2.0</version>
         </dependency>
 
         <dependency>

diff --git a/onyxia-api/src/main/java/fr/insee/onyxia/api/security/OIDCConfiguration.java b/onyxia-api/src/main/java/fr/insee/onyxia/api/security/OIDCConfiguration.java
@@ -1,5 +1,7 @@
 package fr.insee.onyxia.api.security;
 
+import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;
+
 import fr.insee.onyxia.api.services.UserProvider;
 import fr.insee.onyxia.api.services.utils.HttpRequestUtils;
 import fr.insee.onyxia.model.User;
@@ -70,36 +72,58 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .requestMatchers(HttpMethod.OPTIONS)
                 .permitAll()
                 // configuration pour Swagger
-                .requestMatchers(
-                        "/",
-                        "/swagger-ui**",
-                        "/swagger-ui/**",
-                        "/v2/api-docs",
-                        "/v3/api-docs",
-                        "/v3/api-docs/*",
-                        "/csrf",
-                        "/webjars/**",
-                        "/swagger-resources/**",
-                        "/actuator/**",
-                        "/actuator")
-                .permitAll()
-                .requestMatchers(
-                        "/api",
-                        "/api/swagger-ui**",
-                        "/api/swagger-ui/**",
-                        "/api/v2/api-docs",
-                        "/api/v3/api-docs",
-                        "/api/v3/api-docs/*",
-                        "/api/csrf",
-                        "/api/webjars/**",
-                        "/api/swagger-resources/**",
-                        "/api/actuator/**",
-                        "/api/actuator")
+                .requestMatchers(antMatcher("/"))
+                .permitAll()
+                .requestMatchers(antMatcher("/swagger-ui**"))
+                .permitAll()
+                .requestMatchers(antMatcher("/swagger-ui/**"))
+                .permitAll()
+                .requestMatchers(antMatcher("/v2/api-docs"))
+                .permitAll()
+                .requestMatchers(antMatcher("/v3/api-docs"))
+                .permitAll()
+                .requestMatchers(antMatcher("/v3/api-docs/*"))
+                .permitAll()
+                .requestMatchers(antMatcher("/csrf"))
+                .permitAll()
+                .requestMatchers(antMatcher("/webjars/**"))
+                .permitAll()
+                .requestMatchers(antMatcher("/swagger-resources/**"))
+                .permitAll()
+                .requestMatchers(antMatcher("/actuator/**"))
+                .permitAll()
+                .requestMatchers(antMatcher("/actuator"))
+                .permitAll()
+                .requestMatchers(antMatcher("/api"))
+                .permitAll()
+                .requestMatchers(antMatcher("/api/swagger-ui**"))
+                .permitAll()
+                .requestMatchers(antMatcher("/api/swagger-ui/**"))
+                .permitAll()
+                .requestMatchers(antMatcher("/api/v2/api-docs"))
+                .permitAll()
+                .requestMatchers(antMatcher("/api/v3/api-docs"))
+                .permitAll()
+                .requestMatchers(antMatcher("/api/v3/api-docs/*"))
+                .permitAll()
+                .requestMatchers(antMatcher("/api/csrf"))
+                .permitAll()
+                .requestMatchers(antMatcher("/api/webjars/**"))
+                .permitAll()
+                .requestMatchers(antMatcher("/api/swagger-resources/**"))
+                .permitAll()
+                .requestMatchers(antMatcher("/api/actuator/**"))
+                .permitAll()
+                .requestMatchers(antMatcher("/api/actuator"))
+                .permitAll()
+                .requestMatchers(antMatcher("/configuration/**"))
+                .permitAll()
+                .requestMatchers(antMatcher("/swagger-resources/**"))
                 .permitAll()
                 // configuration pour public
-                .requestMatchers("/public/**")
+                .requestMatchers(antMatcher("/public/**"))
                 .permitAll()
-                .requestMatchers("/api/public/**")
+                .requestMatchers(antMatcher("/api/public/**"))
                 .permitAll()
                 .anyRequest()
                 .authenticated()