2.8.4 always shows PetStore documentation instead of the generated documentation in WebFlux application

[kdebski85]

Describe the bug

In Spring Boot 3.4.2 application with WebFlux, when springdoc-openapi-starter-webflux-ui is upgraded from 2.8.3 to 2.8.4, Swagger no longer shows generated documentation, but documentation for https://petstore.swagger.io/v2/swagger.json

There is also a warning:

o.s.w.r.resource.ResourceHandlerUtils    : Appended trailing slash to static resource location: classpath:/META-INF/resources/webjars/swagger-ui/5.18.2/

To Reproduce
Steps to reproduce the behavior:

• Create Spring Boot 3.4.2 application with springdoc-openapi-starter-webflux-ui 2.8.4 and any endpoint
• Navigate to Swagger, for example http://127.0.0.1:8080/webjars/swagger-ui/index.html

Expected behavior

• Swagger shows generated documentation - /v3/api-docs, not https://petstore.swagger.io/v2/swagger.json
• no warning about classpath:/META-INF/resources/webjars/swagger-ui/5.18.2/

Screenshot

Additional context
Maybe it is caused by #2862

[abdelmoez-guetat]

Hello @kdebski85,

The correct URL to access Swagger for the Spring Boot 3.4.2 application with springdoc-openapi-starter-webflux-ui 2.8.4 is:

http://127.0.0.1:8080/swagger-ui/index.html

Instead of using the /webjars path, please try navigating directly to the URL above.

Additionally, ensure that your security configuration allows access to the following paths:

• /v3/api-docs
• /swagger-ui/index.html

Here’s an example security configuration to permit access:

@Bean
    public SecurityWebFilterChain filterChain(ServerHttpSecurity http) {
        http.authorizeExchange()
                .matchers(
                        ServerWebExchangeMatchers.pathMatchers("/swagger-ui", "/swagger-ui/*"),
                        ServerWebExchangeMatchers.pathMatchers("/v3/api-docs", "/v3/api-docs/*")
                ).permitAll().and().
                authorizeExchange().anyExchange().authenticated()
                .and().cors()
                .and().csrf().disable()
                .oauth2ResourceServer().jwt().jwtAuthenticationConverter(
                        new ReactiveJwtAuthenticationConverter()
                );
        return http.build();
    }

[kdebski85]

Thank you for you explanation!

I confirm that "webjars" from security config and from URL in the browser resolves the issue.
I was a bit surprised that such change was introduced in hotfix version 2.8.4, not in 2.9.0.
Also, https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md was not helpful in finding what needs to be changed.

I am closing the issue.

[ostecke]

Thank you for your guidance on fixing this @abdelmoez-guetat ! I'm kind of surprised to see this breaking change in a patch version. Is this a one-off or is this something I can expect to happen more often in the future?

[priitl]

Hello @kdebski85,

The correct URL to access Swagger for the Spring Boot 3.4.2 application with springdoc-openapi-starter-webflux-ui 2.8.4 is:

http://127.0.0.1:8080/swagger-ui/index.html

Instead of using the /webjars path, please try navigating directly to the URL above.

...

Although http://127.0.0.1:8080/swagger-ui/index.html correctly serves the API, the default Pet Store UI is still accessible at: http://127.0.0.1:8080/webjars/swagger-ui/index.html. To remove the Pet Store UI, I modified the Swagger UI path by setting the following configuration:

springdoc.swagger-ui.path: /webjars/index.html

[gwimmel]

Hello @kdebski85 , did the warning "Appended trailing slash to static resource location" in the log go away when you used the path without webjars?

In my project, the warning is produced at application startup and seems to be independent from a security configuration.

[kdebski85]

Hello @kdebski85 , did the warning "Appended trailing slash to static resource location" in the log go away when you used the path without webjars?

In my project, the warning is produced at application startup and seems to be independent from a security configuration.

@gwimmel
I confirm that the warning is still there.
Do you think I should reopen the issue?

[gwimmel]

Hello @kdebski85 , did the warning "Appended trailing slash to static resource location" in the log go away when you used the path without webjars?
In my project, the warning is produced at application startup and seems to be independent from a security configuration.

@gwimmel I confirm that the warning is still there. Do you think I should reopen the issue?

Thanks for the confirmation, good to know. I think there should not be a warning in the log in normal operation.

Maybe it would be better to open a new bug as this one is mainly about the change of the path (which leads to the pet store example to be shown). We could try and provide a minimal example.

@abdelmoez-guetat WDYT / can you reproduce the warning?

[gwimmel]

I've created a new bug #2947 such that the warning log message can be discussed separately from the path handling change (pet store example) addressed in this bug.