Docs: Spring Security note for management port: allow /v3/api-docs & Swagger UI (avoid 404/401)

### Summary
Request to add a short note showing how to permit `/v3/api-docs` and Swagger UI when using **Spring Security** and running Actuator on a separate **management port**.

### Problem
With Spring Boot 3, `/v3/api-docs` and Swagger UI are served on the **application port**, while Actuator is on the **management port**. When Spring Security is enabled, new users often get 404/401 for the docs unless these paths are explicitly permitted.

### Proposal
Add a minimal Spring Security snippet for the application port:

```java
@Bean
SecurityFilterChain api(HttpSecurity http) throws Exception {
  http
    .authorizeHttpRequests(auth -> auth
      .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
      .anyRequest().authenticated()
    )
    .oauth2ResourceServer(oauth2 -> oauth2.jwt()); // example; optional
  return http.build();
}
```
Actuator security remains configured on the management port; this snippet applies to the application port where /v3/api-docs and Swagger UI are served.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Docs: Spring Security note for management port: allow /v3/api-docs & Swagger UI (avoid 404/401) #3149

Summary

Problem

Proposal

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Docs: Spring Security note for management port: allow /v3/api-docs & Swagger UI (avoid 404/401) #3149

Description

Summary

Problem

Proposal

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions