Change correct filter for security

2025-11-11 07:55:47 +01:00 · 2018-09-28 15:55:42 +02:00
parent ed9b10b86f
commit e28f30fbea
3 changed files with 3 additions and 3 deletions
--- a/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
@@ -84,7 +84,7 @@ public class SecurityFilter extends HttpFilter
    HttpServletResponse response, FilterChain chain)
    throws IOException, ServletException
  {
-    if (!SecurityRequests.isAuthenticationRequest(request))
+    if (!SecurityRequests.isAuthenticationRequest(request) && !SecurityRequests.isIndexRequest(request))
    {
      Subject subject = SecurityUtils.getSubject();
      if (hasPermission(subject))
--- a/scm-webapp/src/main/java/sonia/scm/security/SecurityRequests.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/SecurityRequests.java
@@ -26,7 +26,7 @@ public final class SecurityRequests {

  public static boolean isIndexRequest(HttpServletRequest request) {
    String uri = request.getRequestURI().substring(request.getContextPath().length());
-    return isAuthenticationRequest(uri);
+    return isIndexRequest(uri);
  }

  public static boolean isIndexRequest(String uri) {
--- a/scm-webapp/src/main/java/sonia/scm/web/security/ApiAuthenticationFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/ApiAuthenticationFilter.java
@@ -99,7 +99,7 @@ public class ApiAuthenticationFilter extends AuthenticationFilter
    throws IOException, ServletException
  {
    // skip filter on login resource
-    if (SecurityRequests.isAuthenticationRequest(request) || SecurityRequests.isIndexRequest(request))
+    if (SecurityRequests.isAuthenticationRequest(request) )
    {
      chain.doFilter(request, response);
    }