DEVHIDE
Login Or Sign up

How to disable swagger-ui in production (Thorntail)?

2.5k Views Asked by At

I have an application built with Wildfly Swarm (now Thorntail) and I have integrated Swagger with my REST API's for documentation and also use it to test with Swagger-UI.

I would like to know if it is possible to disable the Swagger-UI part when I deploy my application in a production environment. I tried to look in the swagger documentation to see if there was any properties for this but could not find any. The same on the Thorntail documentation.

One possible solution would be to disable the swagger-ui maven dependency via a maven profile when I build the jar. I would like to avoid this because then I'll have to have one jar for production and one for development.

I saw many suggestions but they seem to be specific for Spring Boot, like this one How do you turn off swagger-ui in production

jakarta-ee swagger swagger-ui wildfly-swarm thorntail
Original Q&A
1

There are 1 best solutions below

0
Thomas Herzog On

I would recommend to host an own swagger-ui instance and not using the one in thorntail, because I consider swagger-ui a development tool, which I wouldn't use in a thorntail service directly.

If swagger-ui is hosted as an external standalone service, and you only need one installation for all developers because its just html and javascript, then you only need to take care about CORS in your service for the endpoint providing the */swagger.json. Providing the swagger.json in a production environment shouldn't be a problem, because its just the doc of your rest api.

See the following example for implementing a CORS filter copied from CORS issue on java web application

public class CorsFilter implements Filter {


    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, HEAD, OPTIONS");
        response.setHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
      if ("OPTIONS".equalsIgnoreCase((HttpServletRequest) servletRequest.getMethod())) {
        response.setStatus(HttpServletResponse.SC_OK);
      } else {
         filterChain.doFilter(servletRequest, response);
      }

    }

    @Override
    public void destroy() {

    }
}

Here you see how to enable the servlet filter.

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/swaggerJsonEndpoint/*</url-pattern>
</filter-mapping>

Related Questions in JAKARTA-EE

Related Questions in SWAGGER

Related Questions in SWAGGER-UI

Related Questions in WILDFLY-SWARM

Related Questions in THORNTAIL

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.