Olá,
Estou no vídeo 03 da aula 07 - Documentação da API com Swagger.
E estou tentando acessar a página gerada pelo Swagger.
Porém dá erro 403.
Meu arquivo SecurityConfigurations.java está desta forma:
package br.com.alura.forum.config.security;
import br.com.alura.forum.repository.UsuarioRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@EnableWebSecurity
@Configuration
public class SecurityConfigurations extends WebSecurityConfigurerAdapter {
@Autowired
private AutenticacaoService autenticacaoService;
@Autowired
private UsuarioRepository usuarioRepository;
@Autowired
private TokenService tokenService;
@Override
@Bean
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
// Configurações de autenticação (controle de acesso/login)
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(autenticacaoService).passwordEncoder(new BCryptPasswordEncoder()); //Preciso passar o service que tem a lógica de autenticação
}
// Configurações de autorização (URLs, quem pode acessar cada URL, Perfis de acesso)
// Indica quais URLs precisa ter controle de acesso
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(HttpMethod.GET, "/topicos/listar").permitAll()
.antMatchers(HttpMethod.GET, "/topicos/detalhar/*").permitAll()
.antMatchers("/h2-console").permitAll()
.antMatchers("/h2-console/").permitAll()
.antMatchers("/h2-console/*").permitAll()
.antMatchers("/h2-console/login.do*").permitAll()
.antMatchers("/auth/**").permitAll()
.antMatchers("/actuator/*").permitAll()
.anyRequest().authenticated()
.and().csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().addFilterBefore(new AutenticacaoViaTokenFilter(tokenService, usuarioRepository), UsernamePasswordAuthenticationFilter.class);
}
// Configurações de recursos estáticos (js, css, img etc)
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/**.html", "/v2/api-docs", "/webjars/**","/configuration/**", "/swagger-resources/**");
}
}
E o arquivo SwaggerConfigurations está assim:
package br.com.alura.forum.config.swagger;
import br.com.alura.forum.modelo.Usuario;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
@Configuration
public class SwaggerConfigurations {
@Bean
public Docket forumApi() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.basePackage("br.com.alura.forum"))
.paths(PathSelectors.ant("/**"))
.build()
.ignoredParameterTypes(Usuario.class);
}
}
