Permit unathenticated index access

scm-webapp/src/main/java/sonia/scm/security/SecurityRequests.java

@@ -11,6 +11,7 @@ import static sonia.scm.api.v2.resources.ScmPathInfo.REST_API_PATH;
 public final class SecurityRequests {
 
   private static final Pattern URI_LOGIN_PATTERN = Pattern.compile(REST_API_PATH + "(?:/v2)?/auth/access_token");
+  private static final Pattern URI_INDEX_PATTERN = Pattern.compile(REST_API_PATH + "/v2/?");
 
   private SecurityRequests() {}
 
@@ -23,4 +24,13 @@ public final class SecurityRequests {
     return URI_LOGIN_PATTERN.matcher(uri).matches();
   }
 
+  public static boolean isIndexRequest(HttpServletRequest request) {
+    String uri = request.getRequestURI().substring(request.getContextPath().length());
+    return isAuthenticationRequest(uri);
+  }
+
+  public static boolean isIndexRequest(String uri) {
+    return URI_INDEX_PATTERN.matcher(uri).matches();
+  }
+
 }

scm-webapp/src/main/java/sonia/scm/web/security/ApiAuthenticationFilter.java

@@ -99,7 +99,7 @@ public class ApiAuthenticationFilter extends AuthenticationFilter
     throws IOException, ServletException
   {
     // skip filter on login resource
-    if (SecurityRequests.isAuthenticationRequest(request))
+    if (SecurityRequests.isAuthenticationRequest(request) || SecurityRequests.isIndexRequest(request))
     {
       chain.doFilter(request, response);
     }