zuul网关改成gateway网关，小问题解决

bi-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -25,15 +25,20 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
         String url, method;
-        if ("anonymousUser".equals(authentication.getPrincipal())
-                && (matchers("/swagger/**", request)
-                || matchers("/v2/**", request)
-                || matchers("/webjars/**", request)
-                || matchers("/druid/**", request)
-                || matchers("/actuator/**", request)
-                || matchers("/hystrix/**", request)
-                || matchers("/", request))) {
-            return;
+        if ("anonymousUser".equals(authentication.getPrincipal())){
+            if (matchers("/swagger/**", request)
+                    || matchers("/v2/**", request)
+                    || matchers("/swagger-ui.html/**", request)
+                    || matchers("/swagger-resources/**", request)
+                    || matchers("/webjars/**", request)
+                    || matchers("/druid/**", request)
+                    || matchers("/actuator/**", request)
+                    || matchers("/hystrix/**", request)
+                    || matchers("/", request)){
+                return;
+            } else {
+                throw new AccessDeniedException("no right");
+            }
         } else {
             for (GrantedAuthority ga : authentication.getAuthorities()) {
                 String[] authority = ga.getAuthority().split(";");

config-server/src/main/resources/shared/gateway-service-local.yml

@@ -10,43 +10,44 @@ ribbon:
   ReadTimeout: 20000
   ConnectTimeout: 20000
 
-zuul:
-  host:
-    connect-timeout-millis: 20000
-    socket-timeout-millis: 20000
+#zuul:
+#  host:
+#    connect-timeout-millis: 20000
+#    socket-timeout-millis: 20000
+#
+#  routes:
+#    user-service:
+#      path: /userapi/**
+#      serviceId: user-service
+#      sensitiveHeaders:
+#
+#    logger-service:
+#      path: /logapi/**
+#      serviceId: logger-service
+#      sensitiveHeaders:
+#
+#    bi-service:
+#      path: /biapi/**
+#      serviceId: bi-service
+#      sensitiveHeaders:
+#
+#    diagbotman-service:
+#      path: /diagbotmanapi/**
+#      serviceId: diagbotman-service
+#      sensitiveHeaders:
+#
+#    feedback-service:
+#      path: /feedbackapi/**
+#      serviceId: feedback-service
+#      sensitiveHeaders:
+#
+#    knowledge-service:
+#      path: /knowledgeapi/**
+#      serviceId: knowledge-service
+#      sensitiveHeaders:
 
-  routes:
-    user-service:
-      path: /userapi/**
-      serviceId: user-service
-      sensitiveHeaders:
-
-    logger-service:
-      path: /logapi/**
-      serviceId: logger-service
-      sensitiveHeaders:
-
-    bi-service:
-      path: /biapi/**
-      serviceId: bi-service
-      sensitiveHeaders:
-
-    diagbotman-service:
-      path: /diagbotmanapi/**
-      serviceId: diagbotman-service
-      sensitiveHeaders:
-
-    feedback-service:
-      path: /feedbackapi/**
-      serviceId: feedback-service
-      sensitiveHeaders:
-
-    knowledge-service:
-      path: /knowledgeapi/**
-      serviceId: knowledge-service
-      sensitiveHeaders:
-#mq
 spring:
+  #mq
   rabbitmq:
     host: localhost
     port: 5672
@@ -54,6 +55,65 @@ spring:
     password: guest
     publisher-confirms: true
     virtual-host: /
+  cloud:
+      gateway:
+        locator:
+          enabled: true
+        routes:
+        - id: user-service
+          uri: lb://user-service
+          predicates:
+          - Path=/userapi/**
+          filters:
+          - SwaggerHeaderFilter
+          - StripPrefix=1
+        - id: logger-service
+          uri: lb://logger-service
+          predicates:
+          - Path=/logapi/**
+          filters:
+          - SwaggerHeaderFilter
+          - StripPrefix=1
+        - id: bi-service
+          uri: lb://bi-service
+          predicates:
+          - Path=/biapi/**
+          filters:
+          - SwaggerHeaderFilter
+          - StripPrefix=1
+        - id: diagbotman-service
+          uri: lb://diagbotman-service
+          predicates:
+          - Path=/diagbotmanapi/**
+          filters:
+          - SwaggerHeaderFilter
+          - StripPrefix=1
+        - id: feedback-service
+          uri: lb://feedback-service
+          predicates:
+          - Path=/feedbackapi/**
+          filters:
+          - SwaggerHeaderFilter
+          - StripPrefix=1
+        - id: knowledge-service
+          uri: lb://knowledge-service
+          predicates:
+          - Path=/knowledgeapi/**
+          filters:
+          - SwaggerHeaderFilter
+          - StripPrefix=1
+        - id: monitor-service
+          uri: lb://monitor-service
+          predicates:
+          - Path=/monitorapi/**
+#          filters:
+#          - StripPrefix=1
+        - id: admin-service
+          uri: lb://admin-service
+          predicates:
+          - Path=/adminapi/**
+#          filters:
+#          - StripPrefix=1
 
 server:
   port: 5050

diagbotman-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -25,15 +25,20 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
         String url, method;
-        if ("anonymousUser".equals(authentication.getPrincipal())
-                && (matchers("/swagger/**", request)
-                || matchers("/v2/**", request)
-                || matchers("/webjars/**", request)
-                || matchers("/druid/**", request)
-                || matchers("/actuator/**", request)
-                || matchers("/hystrix/**", request)
-                || matchers("/", request))) {
-            return;
+        if ("anonymousUser".equals(authentication.getPrincipal())){
+            if (matchers("/swagger/**", request)
+                    || matchers("/v2/**", request)
+                    || matchers("/swagger-ui.html/**", request)
+                    || matchers("/swagger-resources/**", request)
+                    || matchers("/webjars/**", request)
+                    || matchers("/druid/**", request)
+                    || matchers("/actuator/**", request)
+                    || matchers("/hystrix/**", request)
+                    || matchers("/", request)){
+                return;
+            } else {
+                throw new AccessDeniedException("no right");
+            }
         } else {
             for (GrantedAuthority ga : authentication.getAuthorities()) {
                 String[] authority = ga.getAuthority().split(";");

feedback-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -25,15 +25,20 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
         String url, method;
-        if ("anonymousUser".equals(authentication.getPrincipal())
-                && (matchers("/swagger/**", request)
-                || matchers("/v2/**", request)
-                || matchers("/webjars/**", request)
-                || matchers("/druid/**", request)
-                || matchers("/actuator/**", request)
-                || matchers("/hystrix/**", request)
-                || matchers("/", request))) {
-            return;
+        if ("anonymousUser".equals(authentication.getPrincipal())){
+            if (matchers("/swagger/**", request)
+                    || matchers("/v2/**", request)
+                    || matchers("/swagger-ui.html/**", request)
+                    || matchers("/swagger-resources/**", request)
+                    || matchers("/webjars/**", request)
+                    || matchers("/druid/**", request)
+                    || matchers("/actuator/**", request)
+                    || matchers("/hystrix/**", request)
+                    || matchers("/", request)){
+                return;
+            } else {
+                throw new AccessDeniedException("no right");
+            }
         } else {
             for (GrantedAuthority ga : authentication.getAuthorities()) {
                 String[] authority = ga.getAuthority().split(";");

gateway-service/pom.xml

@@ -21,22 +21,16 @@
     <dependencies>
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.springframework.boot</groupId>
-                    <artifactId>spring-boot-starter-tomcat</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-undertow</artifactId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.cloud</groupId>
-            <artifactId>spring-cloud-starter-netflix-zuul</artifactId>
+            <artifactId>spring-cloud-starter-gateway</artifactId>
         </dependency>
+        <!--<dependency>-->
+            <!--<groupId>org.springframework.boot</groupId>-->
+            <!--<artifactId>spring-boot-starter-data-redis-reactive</artifactId>-->
+        <!--</dependency>-->
         <!-- 配置-->
         <dependency>
             <groupId>org.springframework.cloud</groupId>
@@ -61,6 +55,12 @@
             <artifactId>spring-cloud-starter-bus-amqp</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <optional>true</optional>
+        </dependency>
+
         <!--热部署引用-->
         <dependency>
             <groupId>org.springframework.boot</groupId>

gateway-service/src/main/java/com/diagbot/GatewayServiceApplication.java

@@ -4,7 +4,6 @@ import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.context.config.annotation.RefreshScope;
 import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
-import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
 
 /**
  * @Description: 网关启动文件
@@ -12,7 +11,6 @@ import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
  * @time: 2018/8/1 14:58
  */
 @SpringBootApplication
-@EnableZuulProxy
 @EnableEurekaClient
 @RefreshScope
 public class GatewayServiceApplication {
@@ -21,9 +19,4 @@ public class GatewayServiceApplication {
         SpringApplication.run(GatewayServiceApplication.class, args);
     }
 
-//    @Bean
-//    public IPFilter ipFilter() {
-//        return new IPFilter();
-//    }
-
 }

gateway-service/src/main/java/com/diagbot/config/swagger/GatewaySwaggerResourcesProvider.java

@@ -1,47 +0,0 @@
-package com.diagbot.config.swagger;
-
-import org.springframework.cloud.netflix.zuul.filters.Route;
-import org.springframework.cloud.netflix.zuul.filters.RouteLocator;
-import org.springframework.context.annotation.Primary;
-import org.springframework.stereotype.Component;
-import springfox.documentation.swagger.web.SwaggerResource;
-import springfox.documentation.swagger.web.SwaggerResourcesProvider;
-
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * @Description: 集中管理swagger
- * @author: gaodm
- * @time: 2018/8/22 16:44
- */
-@Component
-@Primary
-public class GatewaySwaggerResourcesProvider implements SwaggerResourcesProvider {
-    private final RouteLocator routeLocator;
-
-    public GatewaySwaggerResourcesProvider(RouteLocator routeLocator) {
-        this.routeLocator = routeLocator;
-    }
-
-    @Override
-    public List<SwaggerResource> get() {
-        List<SwaggerResource> resources = new ArrayList<>();
-        List<Route> routes = routeLocator.getRoutes();
-        List<String> routeIds = new ArrayList<>();
-        for (Route route:routes) {
-            if (!routeIds.contains(route.getId())){
-                resources.add(swaggerResource(route.getId(), route.getFullPath().replace("**", "v2/api-docs")));
-                routeIds.add(route.getId());
-            }
-        }
-        return resources;
-    }
-    private SwaggerResource swaggerResource(String name, String location) {
-        SwaggerResource swaggerResource = new SwaggerResource();
-        swaggerResource.setName(name);
-        swaggerResource.setLocation(location);
-        swaggerResource.setSwaggerVersion("2.0");
-        return swaggerResource;
-    }
-}

gateway-service/src/main/java/com/diagbot/config/swagger/SwaggerConfig.java

@@ -1,34 +0,0 @@
-package com.diagbot.config.swagger;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import springfox.documentation.builders.ApiInfoBuilder;
-import springfox.documentation.service.ApiInfo;
-import springfox.documentation.spi.DocumentationType;
-import springfox.documentation.spring.web.plugins.Docket;
-import springfox.documentation.swagger2.annotations.EnableSwagger2;
-
-/**
- * @Description: 集中管理swagger
- * @author: gaodm
- * @time: 2018/8/21 16:25
- */
-@Configuration
-@EnableSwagger2
-public class SwaggerConfig {
-    @Bean
-    public Docket createRestApi() {
-        return new Docket(DocumentationType.SWAGGER_2)
-                .apiInfo(apiInfo());
-    }
-
-    private ApiInfo apiInfo() {
-        return new ApiInfoBuilder()
-                .title(" diagbot api ")
-                .description("diagbot 微服务")
-                .termsOfServiceUrl("")
-                .contact("diagbot")
-                .version("1.0")
-                .build();
-    }
-}

gateway-service/src/main/java/com/diagbot/config/swagger/SwaggerProvider.java

@@ -0,0 +1,50 @@
+package com.diagbot.config.swagger;
+
+import lombok.AllArgsConstructor;
+import org.springframework.cloud.gateway.config.GatewayProperties;
+import org.springframework.cloud.gateway.route.RouteLocator;
+import org.springframework.cloud.gateway.support.NameUtils;
+import org.springframework.context.annotation.Primary;
+import org.springframework.stereotype.Component;
+import springfox.documentation.swagger.web.SwaggerResource;
+import springfox.documentation.swagger.web.SwaggerResourcesProvider;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @Description: swagger 集中管理
+ * @author: gaodm
+ * @time: 2018/8/28 14:12
+ */
+@Component
+@Primary
+@AllArgsConstructor
+public class SwaggerProvider implements SwaggerResourcesProvider {
+    public static final String API_URI = "/v2/api-docs";
+    private final RouteLocator routeLocator;
+    private final GatewayProperties gatewayProperties;
+
+
+    @Override
+    public List<SwaggerResource> get() {
+        List<SwaggerResource> resources = new ArrayList<>();
+        List<String> routes = new ArrayList<>();
+        routeLocator.getRoutes().subscribe(route -> routes.add(route.getId()));
+        gatewayProperties.getRoutes().stream().filter(routeDefinition -> routes.contains(routeDefinition.getId()))
+                .forEach(routeDefinition -> routeDefinition.getPredicates().stream()
+                        .filter(predicateDefinition -> ("Path").equalsIgnoreCase(predicateDefinition.getName()))
+                        .forEach(predicateDefinition -> resources.add(swaggerResource(routeDefinition.getId(),
+                                predicateDefinition.getArgs().get(NameUtils.GENERATED_NAME_PREFIX + "0")
+                                        .replace("/**", API_URI)))));
+        return resources;
+    }
+
+    private SwaggerResource swaggerResource(String name, String location) {
+        SwaggerResource swaggerResource = new SwaggerResource();
+        swaggerResource.setName(name);
+        swaggerResource.setLocation(location);
+        swaggerResource.setSwaggerVersion("2.0");
+        return swaggerResource;
+    }
+}

gateway-service/src/main/java/com/diagbot/filter/IPFilter.java

@@ -1,85 +0,0 @@
-package com.diagbot.filter;
-
-import com.netflix.zuul.ZuulFilter;
-import com.netflix.zuul.context.RequestContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * @Description:
- * @author: gaodm
- * @time: 2018/8/8 13:58
- */
-@Component
-public class IPFilter extends ZuulFilter {
-
-    Logger logger= LoggerFactory.getLogger(getClass());
-
-    @Override
-    public String filterType() {
-        return "pre";
-    }
-
-    @Override
-    public int filterOrder() {
-        return 0;
-    }
-
-    @Override
-    public boolean shouldFilter() {
-        return true;
-    }
-
-    @Override
-    public Object run() {
-//        RequestContext ctx= RequestContext.getCurrentContext();
-//        HttpServletRequest req=ctx.getRequest();
-//        String ipAddr=this.getIpAddr(req);
-//        logger.info("请求IP地址为：[{}]",ipAddr);
-//        //配置本地IP白名单，生产环境可放入数据库或者redis中
-//        List<String> ips=new ArrayList<String>();
-//        ips.add("172.0.0.1");
-//        ips.add("171.0.0.1");
-//        ips.add("0:0:0:0:0:0:0:1");
-//
-//        if(!ips.contains(ipAddr)){
-//            logger.info("IP地址校验不通过！！！");
-//            ctx.setResponseStatusCode(401);
-//            ctx.setSendZuulResponse(false);
-//            ctx.setResponseBody("IpAddr is forbidden!");
-//        }
-//        logger.info("IP校验通过。");
-        return null;
-    }
-
-    /**
-     * 获取Ip地址
-     * @param request
-     * @return
-     */
-    public  String getIpAddr(HttpServletRequest request){
-
-        String ip = request.getHeader("X-Forwarded-For");
-        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
-            ip = request.getHeader("Proxy-Client-IP");
-        }
-        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
-            ip = request.getHeader("WL-Proxy-Client-IP");
-        }
-        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
-            ip = request.getHeader("HTTP_CLIENT_IP");
-        }
-        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
-            ip = request.getHeader("HTTP_X_FORWARDED_FOR");
-        }
-        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
-            ip = request.getRemoteAddr();
-        }
-        return ip;
-    }
-}

gateway-service/src/main/java/com/diagbot/filter/SwaggerHeaderFilter.java

@@ -0,0 +1,32 @@
+package com.diagbot.filter;
+
+import com.diagbot.config.swagger.SwaggerProvider;
+import org.springframework.cloud.gateway.filter.GatewayFilter;
+import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+import org.springframework.web.server.ServerWebExchange;
+
+@Component
+public class SwaggerHeaderFilter extends AbstractGatewayFilterFactory {
+    private static final String HEADER_NAME = "X-Forwarded-Prefix";
+
+    @Override
+    public GatewayFilter apply(Object config) {
+        return (exchange, chain) -> {
+            ServerHttpRequest request = exchange.getRequest();
+            String path = request.getURI().getPath();
+            if (!StringUtils.endsWithIgnoreCase(path, SwaggerProvider.API_URI)) {
+                return chain.filter(exchange);
+            }
+
+            String basePath = path.substring(0, path.lastIndexOf(SwaggerProvider.API_URI));
+
+
+            ServerHttpRequest newRequest = request.mutate().header(HEADER_NAME, basePath).build();
+            ServerWebExchange newExchange = exchange.mutate().request(newRequest).build();
+            return chain.filter(newExchange);
+        };
+    }
+}

gateway-service/src/main/java/com/diagbot/handler/SwaggerHandler.java

@@ -0,0 +1,49 @@
+package com.diagbot.handler;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import reactor.core.publisher.Mono;
+import springfox.documentation.swagger.web.SecurityConfiguration;
+import springfox.documentation.swagger.web.SecurityConfigurationBuilder;
+import springfox.documentation.swagger.web.SwaggerResourcesProvider;
+import springfox.documentation.swagger.web.UiConfiguration;
+import springfox.documentation.swagger.web.UiConfigurationBuilder;
+
+import java.util.Optional;
+
+@RestController
+@RequestMapping("/swagger-resources")
+public class SwaggerHandler {
+    @Autowired(required = false)
+    private SecurityConfiguration securityConfiguration;
+    @Autowired(required = false)
+    private UiConfiguration uiConfiguration;
+    private final SwaggerResourcesProvider swaggerResources;
+
+    @Autowired
+    public SwaggerHandler(SwaggerResourcesProvider swaggerResources) {
+        this.swaggerResources = swaggerResources;
+    }
+
+
+    @GetMapping("/configuration/security")
+    public Mono<ResponseEntity<SecurityConfiguration>> securityConfiguration() {
+        return Mono.just(new ResponseEntity<>(
+                Optional.ofNullable(securityConfiguration).orElse(SecurityConfigurationBuilder.builder().build()), HttpStatus.OK));
+    }
+
+    @GetMapping("/configuration/ui")
+    public Mono<ResponseEntity<UiConfiguration>> uiConfiguration() {
+        return Mono.just(new ResponseEntity<>(
+                Optional.ofNullable(uiConfiguration).orElse(UiConfigurationBuilder.builder().build()), HttpStatus.OK));
+    }
+
+    @GetMapping("")
+    public Mono<ResponseEntity> swaggerResources() {
+        return Mono.just((new ResponseEntity<>(swaggerResources.get(), HttpStatus.OK)));
+    }
+}

knowledge-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -25,15 +25,20 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
         String url, method;
-        if ("anonymousUser".equals(authentication.getPrincipal())
-                && (matchers("/swagger/**", request)
-                || matchers("/v2/**", request)
-                || matchers("/webjars/**", request)
-                || matchers("/druid/**", request)
-                || matchers("/actuator/**", request)
-                || matchers("/hystrix/**", request)
-                || matchers("/", request))) {
-            return;
+        if ("anonymousUser".equals(authentication.getPrincipal())){
+            if (matchers("/swagger/**", request)
+                    || matchers("/v2/**", request)
+                    || matchers("/swagger-ui.html/**", request)
+                    || matchers("/swagger-resources/**", request)
+                    || matchers("/webjars/**", request)
+                    || matchers("/druid/**", request)
+                    || matchers("/actuator/**", request)
+                    || matchers("/hystrix/**", request)
+                    || matchers("/", request)){
+                return;
+            } else {
+                throw new AccessDeniedException("no right");
+            }
         } else {
             for (GrantedAuthority ga : authentication.getAuthorities()) {
                 String[] authority = ga.getAuthority().split(";");

log-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -25,15 +25,20 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
         String url, method;
-        if ("anonymousUser".equals(authentication.getPrincipal())
-                && (matchers("/swagger/**", request)
-                || matchers("/v2/**", request)
-                || matchers("/webjars/**", request)
-                || matchers("/druid/**", request)
-                || matchers("/actuator/**", request)
-                || matchers("/hystrix/**", request)
-                || matchers("/", request))) {
-            return;
+        if ("anonymousUser".equals(authentication.getPrincipal())){
+            if (matchers("/swagger/**", request)
+                    || matchers("/v2/**", request)
+                    || matchers("/swagger-ui.html/**", request)
+                    || matchers("/swagger-resources/**", request)
+                    || matchers("/webjars/**", request)
+                    || matchers("/druid/**", request)
+                    || matchers("/actuator/**", request)
+                    || matchers("/hystrix/**", request)
+                    || matchers("/", request)){
+                return;
+            } else {
+                throw new AccessDeniedException("no right");
+            }
         } else {
             for (GrantedAuthority ga : authentication.getAuthorities()) {
                 String[] authority = ga.getAuthority().split(";");

user-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -26,9 +26,11 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
         String url, method;
-        if ("anonymousUser".equals(authentication.getPrincipal())
-                && (matchers("/swagger/**", request)
+        if ("anonymousUser".equals(authentication.getPrincipal())){
+                if (matchers("/swagger/**", request)
                 || matchers("/v2/**", request)
+                || matchers("/swagger-ui.html/**", request)
+                || matchers("/swagger-resources/**", request)
                 || matchers("/webjars/**", request)
                 || matchers("/user/login/**", request)
                 || matchers("/user/registry/**", request)
@@ -37,8 +39,11 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
                 || matchers("/actuator/**", request)
                 || matchers("/hystrix/**", request)
                 || matchers("/hi/**", request)
-                || matchers("/", request))) {
-            return;
+                || matchers("/", request)){
+                    return;
+                } else {
+                    throw new AccessDeniedException("no right");
+                }
         } else {
             for (GrantedAuthority ga : authentication.getAuthorities()) {
                 String[] authority = ga.getAuthority().split(";");