Home > Mobile >  Spring Boot - expose endpoints only in Swagger UI but not via direct HTTP call
Spring Boot - expose endpoints only in Swagger UI but not via direct HTTP call

Time:01-12

Is it possible to expose some selected endpoints only in Swagger UI, but make them unavailable at the server otherwise via direct HTTP call?

There is @Operation(hidden=true) to not to expose the endpoint in Swagger UI but still have it available on the server. I need just the "inverted behavior".

Use case: we have Swagger UI normally forbidden in production. I want to have some endpoints available only in Swagger UI for testing purposes during development.

Versions: Spring Boot 2.6.2, springdoc-openapi-ui 1.6.3.

CodePudding user response:

Use case:

  • we have Swagger UI normally forbidden in production.
  • I want to have some endpoints available only in Swagger UI for testing purposes during development.

The "springiest" solution to this (type of requirement) is probably Profiles!

We could:

@SpringBootApplication(exclude = {
  SpringDocWebMvcConfiguration.class,
  SpringDocConfiguration.class
})
public class MySpringApp {...

exclude openapi configuration from our main config (default profile) (since it is forbidden anyways).

Then we would introduce:

@Configuration
@Profile("documented") // ! this gets only activated/loaded, when "documented" is (one of) spring.aprofiles.active
@Import({
  SpringDocWebMvcConfiguration.class,
  SpringDocConfiguration.class
})
// customize API here ...
class DocConfig {
  // ...and/or here
}

All the controllers we want to "swagger", we also annotate with:

@Profile("documented") 
@[Rest]Controller public class MyDevController {
...

Unfortunately we can use @Profile on bean methods/classes only, to use it per "request mapping" (method), we'd have to copy & segregate the controllers:

One with:

@Profile("documented") // work in progress

and the orignal controller with:

@Profile("!documented") // as in prod

We have to mutually exclude them ("documented" vs "!documented"), since otherwise the (path) mapping won't be distinct.

With this, running our app in production (without "documented" profile), would:

  • skip the springdoc configuration
  • expose no:
    • swagger-ui
    • no api-endpoints
  • not load any controllers with profile "documented".

Running our app in dev/loaclly, we would set spring.profiles.active=documented, and springdoc will:

  • expose ui and endpoints of:
  • the "documented" (& default !) controllers.

Page link:https//www.codepudding.com/Mobile/259771.html

Prev:Does recvfrom() on an IPv6 socket always return an IPv6 address in 'from' parameter?
Next:Input validation of multiple conditions C Program
  •  Tags:  
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding