From 98c873358ad88a614a9d47e36ec3cf3325bd5d3d Mon Sep 17 00:00:00 2001 From: ritumalav Date: Tue, 18 Nov 2025 18:23:16 -0700 Subject: [PATCH 1/3] docs(management-port): add example for /v3/api-docs and Swagger UI (#3147) --- README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/README.md b/README.md index 851b03156..d6c0397a1 100644 --- a/README.md +++ b/README.md @@ -253,6 +253,37 @@ Snapshots: * [https://central.sonatype.com/service/rest/repository/browse/maven-snapshots/org/springdoc/](https://central.sonatype.com/service/rest/repository/browse/maven-snapshots/org/springdoc/) . +## Using a separate management port (Spring Boot 3) + +Some Spring Boot apps run **Actuator** on a separate management port. In that case: + +- **Application port** (e.g., `8080`) serves your app and springdoc endpoints: + - `http://localhost:8080/v3/api-docs` + - `http://localhost:8080/swagger-ui/index.html` + +- **Management port** (e.g., `9090`) serves Actuator: + - `http://localhost:9090/actuator` + - `http://localhost:9090/actuator/health` + +Minimal `application.yml`: + +```yaml +server: + port: 8080 + +management: + server: + port: 9090 + endpoints: + web: + exposure: + include: health,info + +# springdoc is enabled by default with the starter; +# endpoints remain on the application port. +# (OpenAPI JSON = /v3/api-docs, Swagger UI = /swagger-ui/index.html) +``` + # Acknowledgements ## Contributors From 5dee302b534685763b1e3f52c7fae05139844082 Mon Sep 17 00:00:00 2001 From: ritumalav Date: Tue, 18 Nov 2025 18:39:43 -0700 Subject: [PATCH 2/3] docs(README): add TOC entry for management-port section --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d6c0397a1..2e13514dc 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,7 @@ This project is sponsored by - [Error Handling for REST using @ControllerAdvice](#error-handling-for-rest-using-controlleradvice) - [Adding API Information and Security documentation](#adding-api-information-and-security-documentation) - [spring-webflux support with Annotated Controllers](#spring-webflux-support-with-annotated-controllers) + - [Using a separate management port (Spring Boot 3)](#using-a-separate-management-port-spring-boot-3) - [Acknowledgements](#acknowledgements) - [Contributors](#contributors) - [Additional Support](#additional-support) From f9f9d19c450210b052fb1e07b15fcd1f9e6b25f1 Mon Sep 17 00:00:00 2001 From: ritumalav Date: Tue, 18 Nov 2025 19:34:12 -0700 Subject: [PATCH 3/3] docs(security): allow /v3/api-docs(.yaml) and Swagger UI when Spring Security is enabled (Closes #3149) --- README.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/README.md b/README.md index 2e13514dc..e3409ef99 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,7 @@ This project is sponsored by - [Adding API Information and Security documentation](#adding-api-information-and-security-documentation) - [spring-webflux support with Annotated Controllers](#spring-webflux-support-with-annotated-controllers) - [Using a separate management port (Spring Boot 3)](#using-a-separate-management-port-spring-boot-3) + - [When Spring Security is enabled](#when-spring-security-is-enabled) - [Acknowledgements](#acknowledgements) - [Contributors](#contributors) - [Additional Support](#additional-support) @@ -285,6 +286,28 @@ management: # (OpenAPI JSON = /v3/api-docs, Swagger UI = /swagger-ui/index.html) ``` +### When Spring Security is enabled + +With Spring Boot 3, `/v3/api-docs` and Swagger UI are served on the **application port**, while Actuator runs on the **management port**. +If Spring Security is enabled, explicitly permit the docs paths on the **application port**: + +```java +@Bean +SecurityFilterChain api(HttpSecurity http) throws Exception { + http + .authorizeHttpRequests(auth -> auth + .requestMatchers( + "/v3/api-docs/**", + "/v3/api-docs.yaml", + "/swagger-ui/**", + "/swagger-ui.html" + ).permitAll() + .anyRequest().authenticated() + ); + return http.build(); +} +``` + # Acknowledgements ## Contributors