CODEWITHSUNDEEP
spring-bootspring-securityswaggerswagger-uispringdoc
mrsharukh03
mrsharukh03

Reputation: 1

Error with Swagger/OpenAPI version field when using Spring Security and Springdoc

I'm facing an issue with my Spring Security and Springdoc OpenAPI configuration. When I configure anyRequest().authenticated(), I receive the following error message:


Unable to render this definition
The provided definition does not specify a valid version field.

Please indicate a valid Swagger or OpenAPI version field. Supported version fields are swagger: "2.0" and those that match openapi: 3.x.y (for example, openapi: 3.1.0).

However, when I use anyRequest().permitAll(), the error doesn't occur, and everything works fine.

Here’s the dependency I’m using for Springdoc:

<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
    <version>2.8.5</version>
</dependency>

And this is the relevant Spring Security configuration:

  
      @Bean
      public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
          http.csrf(AbstractHttpConfigurer::disable)
              .authorizeHttpRequests((request) -> request
                  .requestMatchers("/book/*", "/swagger-ui/**", "/swagger-ui.html/*", "/v3/api-docs/*", "/auth/*", "/login").permitAll()
                  .requestMatchers("/user/*").hasRole("USER")
                  .requestMatchers("/admin/*").hasRole("ADMIN")
                  .anyRequest().authenticated()
              );
          http.formLogin(Customizer.withDefaults());
          return http.build();
      }

Issue:

I’m getting the error when I use anyRequest().authenticated(). The error goes away when I use anyRequest().permitAll(). I’ve verified that the Swagger/OpenAPI version is not specified in my application properties or config files. What am I missing here, and how can I fix this to work with authentication enabled?

I tried updating the Springdoc dependency and also checked the Spring Security configuration. I made changes to the configuration, using anyRequest().authenticated() and adjusted permissions accordingly. I also checked the Swagger configuration and version fields, but the error still persists. What I expected:

I expected that after applying anyRequest().authenticated(), Swagger UI and the API documentation would still work fine without any errors.

Upvotes: 0

Views: 48

Answers (1)

Sushil Behera
Sushil Behera

Reputation: 971

Correct your Swagger URI request matchers.

Try below.

.requestMatchers("/book/**", "/swagger-ui/**", "/swagger-ui.html", "/v3/api-docs/**", "/auth/**", "/login").permitAll()

Upvotes: 0

Related Questions