"addCorsMapping" blocking Swagger UI

Question

I'm working on a Spring application and I have some troubles with Swagger and Spring Security. I had to add a specific configuration to allow almost every access (CORS) and it worked well so far, but somehow it is blocking Swagger.... This is my SwaggerConfiguration.java @Configuration @EnableSwagger2 @SwaggerDefinition( info = @Info( description = "Web Service", version = "V0.0.1", title = "Web Service", contact = @Contact( name = "Me", email = "[email protected]", url = "https://www.me.com/" ) ), consumes = {"application/json"}, produces = {"application/json"}, schemes = {SwaggerDefinition.Scheme.HTTP, SwaggerDefinition.Scheme.HTTPS} ) public class SwaggerConfiguration { /** List of Swagger endpoints (used by {@code WebSecurityConfig}) */ static final String[] SWAGGER_ENDPOINTS = { "/v2/api-docs", "/swagger-resources", "/swagger-resources/**", "/configuration/ui", "/configuration/security", "/swagger-ui.html", "/webjars/**" }; @Bean public Docket swaggerSpringMvcPlugin() { return new Docket(DocumentationType.SWAGGER_2) .groupName("admin-api") .select() .paths(paths()) // and by paths .build(); } private Predicate paths() { return or( regex("/admin.*"), regex("/issuer.*"), regex("/validator.*"), regex("/data.*")); } } And this is my WebSecurityConfig.java : @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private JwtTokenDecoder jwtTokenDecoder; @Bean // Mandatory to be able to have % in URL // FIXME Set it only for dev environment public HttpFirewall allowUrlEncodedPercentHttpFirewall() { StrictHttpFirewall firewall = new StrictHttpFirewall(); firewall.setAllowUrlEncodedPercent(true); firewall.setAllowUrlEncodedSlash(true); return firewall; } @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .httpBasic().disable() .formLogin().disable() .logout().disable() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); // Install the JWT authentication filter http.addFilterBefore(new JwtAuthenticationFilter(jwtTokenDecoder), BasicAuthenticationFilter.class); // Authorize only authenticated requests http.authorizeRequests() .anyRequest().authenticated(); http.cors(); } @Override public void configure(WebSecurity web) { // Allow access to /admin/login without authentication web.ignoring().mvcMatchers("/admin/login", "/admin/validate", "/campaigns", "/data/**", "/issuer/**", "/validator/**"); web.ignoring().antMatchers(SwaggerConfiguration.SWAGGER_ENDPOINTS); web.httpFirewall(allowUrlEncodedPercentHttpFirewall()); } } Finally, I have a WebConfig.java used to set CORS authorizations. Here it is : @Configuration @EnableWebMvc public class WebConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedOrigins("*") .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE"); } } Very simple. It should authorize almost any access. When I remove it, Swagger is available from URL localhost:8080/swagger-ui.html (but not my webservices...) When I put it back, it is blocked, with a 403 error (forbidden) Any idea of what I am missing ? JavaScript questions and answers, JavaScript questions pdf, JavaScript question bank, JavaScript questions and answers pdf, mcq on JavaScript pdf, JavaScript questions and solutions, JavaScript mcq Test , Interview JavaScript questions, JavaScript Questions for Interview, JavaScript MCQ (Multiple Choice Questions)

Answer 1

So the solution was to add some configuration in WebConfig I have added this implementation @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { registry .addResourceHandler("swagger-ui.html") .addResourceLocations("classpath:/META-INF/resources/"); registry .addResourceHandler("/webjars/**") .addResourceLocations("classpath:/META-INF/resources/webjars/"); }