Closes #2616 - Make OpenAPI/Swagger UI docs public

2024-07-19 16:56:14 +02:00 · 2024-07-19 16:56:14 +02:00 · bbad969a9b
parent 712abf4fa0
commit bbad969a9b
3 changed files with 15 additions and 5 deletions
--- a/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/example/boot/OpenApiConfiguration.java
+++ b/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/example/boot/OpenApiConfiguration.java
@ -1,7 +1,10 @@
 package pro.taskana.example.boot;

 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
 import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
 import io.swagger.v3.oas.models.media.ArraySchema;
 import io.swagger.v3.oas.models.media.ObjectSchema;
 import io.swagger.v3.oas.models.media.StringSchema;
@ -18,8 +21,7 @@ import org.springframework.context.annotation.Configuration;
            title = "TASKANA RESTful API Documentation",
            version = "8.2.0",
            description =
-                ""
-                    + "<h1>Overview</h1>"
+                "<h1>Overview</h1>"
                    + "<p>"
                    + "This is the REST documentation for [TASKANA](http://taskana.pro) - the "
                    + "world’s first open source solution for Enterprise Task Management."
@ -340,7 +342,9 @@ import org.springframework.context.annotation.Configuration;
                    + "<td>String</td>"
                    + "</tr>"
                    + "</tbody>"
-                    + "</table>"))
+                    + "</table>"),
+    security = {@SecurityRequirement(name = "basicAuth")})
+@SecurityScheme(name = "basicAuth", type = SecuritySchemeType.HTTP, scheme = "basic")
 public class OpenApiConfiguration {
  @Bean
  public OpenApiCustomizer openApiCustomizer() {
--- a/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/example/boot/security/BootWebSecurityConfigurer.java
+++ b/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/example/boot/security/BootWebSecurityConfigurer.java
@ -73,8 +73,14 @@ public class BootWebSecurityConfigurer {
                authorizeHttpRequests
                    .requestMatchers("/css/**", "/img/**")
                    .permitAll()
+                    .requestMatchers(HttpMethod.GET, "/docs/**")
+                    .permitAll()
                    .requestMatchers(
-                        HttpMethod.GET, "/docs/**", "/api-docs*")
+                        HttpMethod.GET,
+                        "/api-docs",
+                        "/api-docs/**",
+                        "/swagger-ui",
+                        "/swagger-ui/**")
                    .permitAll())
        .cors(Customizer.withDefaults())
        .addFilter(jaasApiIntegrationFilter())
--- a/rest/taskana-rest-spring-example-boot/src/main/resources/application.properties
+++ b/rest/taskana-rest-spring-example-boot/src/main/resources/application.properties
@ -33,7 +33,7 @@ taskana.schemaName=TASKANA
 ####### property that control rest api security deploy use true for no security.
 devMode=false
 # This property enables the support of XSRF tokens. This will not work together with devMode.
-enableCsrf=true
+enableCsrf=false
 ####### property that control if the database is cleaned and sample data is generated
 generateSampleData=true
 ####### cache static resources properties