How do you turn off swagger-ui in production

java spring spring-boot swagger swagger-ui

I have swagger plugged in to my spring boot application. Spring boot allows you to have property files for each environment that you have. Is there a way to disable swagger for a production environment?


Solution 1:

Put your swagger configuration into separate configuration class and annotate it with @Profile annotation -> so that it will be scanned into Spring context only in certain profiles.

Example:

@Configuration
@EnableSwagger2
@Profile("dev")
public class SwaggerConfig {
    // your swagger configuration
}

You can than define profile your Spring Boot app is operating in via command line: --spring.profiles.active=dev or via config file: spring.profiles.active=dev.

Read this section of Spring Boot docs for more info about @Profile

Solution 2:

If you are working on multiple environments then you can also use @Profile as array

@Configuration
@EnableSwagger2
@Profile({"dev","qa"})
public class SwaggerConfig {
   // your swagger configuration
}

Solution 3:

with swagger 3.0.0 version you can add springfox.documentation.enabled=false in corresponding environment profile application.properties file. For example, I have added this to application-prod.properties to disable in production (while running the app you must specify the profile using VM args like -Dspring.profiles.active=prod)

Solution 4:

This is my configuration class:

@Configuration
@Profile("swagger")
@EnableSwagger2
public class SwaggerConfig {

    @Value("${info.build.version}")
    private String buildVersion;

    @Bean
    public Docket documentation() {
        return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.any())
                .paths(regex("/rest/.*"))
                .build()
                .pathMapping("/")
                .apiInfo(metadata());
    }

    private ApiInfo metadata() {
        return new ApiInfoBuilder()
                .title("API documentation of our App")
                .description("Use this documentation as a reference how to interact with app's API")
                .version(buildVersion)
                .contact(new Contact("Dev-Team", "https://dev-website", "dev@mailbox"))
                .build();
    }
}

Wherever I need Swagger, I add the profile swagger to the environment variable SPRING_PROFILES_ACTIVE

Solution 5:

In addition to the answers configuring Spring using a profile, consider having rules on your reverse HTTP proxy to block access to the Swagger end points from outside the LAN. That would give you some defence in depth against attacks on the Swagger end points.

Related

Display pdf image in markdown
Should I avoid converting to a string if a value is already a string?
WSACancelBlockingCall exception
Differences between AForge and OpenCV
How do I use '~' (tilde) in the context of paths?
Simple haskell unit testing
css3 :not() selector to test parent's class
How to connect two Elixir nodes via local network?
Genderless subject pronoun writing [duplicate]
Do the words "en dash" and "em dash" require a hyphen? [duplicate]
Single word to represent few things like arriving late, leaving for the day, working from home, etc [closed]
Was or is or both? A line from the Prologue to The Canterbury Tales