Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-11 16:05:44 +01:00
Code Issues Packages Projects Releases Activity

Change correct filter for security

Browse Source
This commit is contained in:
René Pfeuffer
2018-09-28 15:55:42 +02:00
parent ed9b10b86f
commit e28f30fbea
3 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
View File

@@ -84,7 +84,7 @@ public class SecurityFilter extends HttpFilter
HttpServletResponse response, FilterChain chain) HttpServletResponse response, FilterChain chain)
throws IOException, ServletException throws IOException, ServletException
{ {
if (!SecurityRequests.isAuthenticationRequest(request)) if (!SecurityRequests.isAuthenticationRequest(request) && !SecurityRequests.isIndexRequest(request))
{ {
Subject subject = SecurityUtils.getSubject(); Subject subject = SecurityUtils.getSubject();
if (hasPermission(subject)) if (hasPermission(subject))

2
scm-webapp/src/main/java/sonia/scm/security/SecurityRequests.java
View File

@@ -26,7 +26,7 @@ public final class SecurityRequests {
public static boolean isIndexRequest(HttpServletRequest request) { public static boolean isIndexRequest(HttpServletRequest request) {
String uri = request.getRequestURI().substring(request.getContextPath().length()); String uri = request.getRequestURI().substring(request.getContextPath().length());
return isAuthenticationRequest(uri); return isIndexRequest(uri);
} }
public static boolean isIndexRequest(String uri) { public static boolean isIndexRequest(String uri) {

2
scm-webapp/src/main/java/sonia/scm/web/security/ApiAuthenticationFilter.java
View File

@@ -99,7 +99,7 @@ public class ApiAuthenticationFilter extends AuthenticationFilter
throws IOException, ServletException throws IOException, ServletException
{ {
// skip filter on login resource // skip filter on login resource
if (SecurityRequests.isAuthenticationRequest(request) || SecurityRequests.isIndexRequest(request)) if (SecurityRequests.isAuthenticationRequest(request) )
{ {
chain.doFilter(request, response); chain.doFilter(request, response);
} }