#java# Guideline: Insecure Swagger Exposure, proposed addition/revision #9

Open
k4n5ha0 opened this issue May 24, 2021 · 0 comments

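Insecure Swagger exposure

If Swagger's access path is exposed externally without any security restrictions, sensitive endpoints and their parameters can be leaked.

Solution: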

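```properties
# Test environment configuration file application.properties
swagger.enable=true
```

```properties
# Production environment configuration file application.properties
swagger.enable=false
```

```java
// In the Java code, the swaggerEnable field reads the configuration file and acts as the Swagger switch
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;

@Configuration
public class Swagger {
	@Value("${swagger.enable}")
	private boolean swaggerEnable;

	@Bean
	public Docket createRestApi() {
		return new Docket(DocumentationType.SWAGGER_2)
			// swaggerEnable controls whether Swagger is enabled
			.enable(swaggerEnable)
			.apiInfo(apiInfo())
			.select()
			.apis(RequestHandlerSelectors.basePackage("com.tao.springboot.action"))
			// controller path
			.paths(PathSelectors.any())
			.build();
	}

	// apiInfo() is called above but was not included in the post; placeholder metadata
	private ApiInfo apiInfo() {
		return new ApiInfoBuilder().title("API documentation").build();
	}
}
```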
k4n5ha0 changed the title from "#java# Guideline: proposed addition/revision" to "#java# Guideline: Insecure Swagger Exposure, proposed addition/revision" on May 24, 2021
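A fail-closed variant of the switch proposed in the issue, added here as an example and not part of the original post or the project's guideline: the Springfox configuration is registered only when `swagger.enable` is explicitly `true` and the active profile is not production, so a properties file that omits the key gets no API documentation beans at all. It assumes Spring Boot with Springfox 2.x; the class name `FailClosedSwaggerConfig` and the profile name `prod` are assumptions.

```java
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

/**
 * Hypothetical class name (not from the issue).
 *
 * Both guards must pass before anything Swagger-related is loaded:
 *  - @Profile("!prod"): never active under the production profile
 *    (the profile name "prod" is an assumption; use the project's own).
 *  - @ConditionalOnProperty: active only when swagger.enable=true is set
 *    explicitly. matchIfMissing defaults to false, so a missing key or
 *    any value other than "true" leaves the configuration out.
 *
 * @EnableSwagger2 sits on this class on purpose: when the conditions fail,
 * the Springfox configuration it imports is skipped as well. This only holds
 * if no other class in the application carries @EnableSwagger2.
 */
@Configuration
@EnableSwagger2
@Profile("!prod")
@ConditionalOnProperty(name = "swagger.enable", havingValue = "true")
public class FailClosedSwaggerConfig {

	@Bean
	public Docket createRestApi() {
		return new Docket(DocumentationType.SWAGGER_2)
			.select()
			// Same controller package as in the issue's example
			.apis(RequestHandlerSelectors.basePackage("com.tao.springboot.action"))
			.paths(PathSelectors.any())
			.build();
	}
}
```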