This way is simpler than creating a @Bean of io.swagger.v3.oas.models.OpenAPI class by Java-code, and differs from Guide to Swagger Parser in that it allows you to use Spring Boot profiles for different runtime environments.
build.gradle
plugins {
id 'java'
id 'org.springframework.boot' version '3.3.2'
id 'io.spring.dependency-management' version '1.1.6'
}
group = 'com.example'
version = '0.0.1-SNAPSHOT'
java {
toolchain {
languageVersion = JavaLanguageVersion.of(21)
}
}
repositories {
mavenCentral()
}
dependencies {
// Spring Boot
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.boot:spring-boot-starter-web'
// Swagger
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0'
}
application.yml
spring:
application:
name: demo
my-app:
openapi.yml:
#For convenience, the following content can be edited in a separate file openapi.yml (for example in IDEA) and then copied here
info:
title: Swagger Configuration Demo Application
version: 0.1
description: This is the application for the demonstration how to configure Swagger by application.yml [OpenAPI Specification](https://spec.openapis.org/oas/latest.html)
components:
securitySchemes:
basic-auth:
type: http
scheme: basic
security:
- basic-auth: [ ]
DemoApplication.java This is a standard Spring Boot application.
@SpringBootApplication
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
}
GreetingController.java This is the simplest RESTful controller.
@RestController
public class GreetingController {
@GetMapping("/greeting")
public String greeting() {
return "Hello, World!";
}
}
CustomOpenApi.java This class extends io.swagger.v3.oas.models.OpenAPI and its annotations create the @Bean of io.swagger.v3.oas.models.OpenAPI automatically.
@Configuration
@AutoConfigureBefore(SwaggerConfig.class)
@ConfigurationProperties(prefix = "my-app.openapi.yml")
public class CustomOpenApi extends OpenAPI {
}
That’s all! Very simple and it works.
As an additional example, this demo application shows the security configuration of the Spring Boot application itself and the Swagger-ui properties to authenticate RESTful calls.
Swagger-ui authentication properties see in application.yml: components.securitySchemes and security. See also comments at the end of the post.
WebSecurityConfig.java This class configures the Spring Boot application security to basic authentication and only one user – demo (with password demo). Some paths are whitelisted for free access to Swagger-ui.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((requests) -> requests
.requestMatchers(
"/v3/api-docs/**",
"/v3/api-docs.yaml",
"/swagger-ui/**",
"/swagger-ui.html").permitAll()
.anyRequest().authenticated())
.httpBasic(Customizer.withDefaults())
;
return http.build();
}
@Bean
public UserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("demo")
.password("demo")
.build();
return new InMemoryUserDetailsManager(user);
}
}
This application.yml file specifies Swagger-ui authentication properties for basic authentication of RESTful calls to “/greeting”.
To specify another authentication method see “Security Scheme Object Example” in OpenAPI Specification.
For example our application uses Keycloak authentication and our application.yml contains:
components:
securitySchemes:
bearer-token:
type: http
scheme: "Bearer"
security:
- bearer-token: []
Andrey Nasonov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
2