Permit unathenticated index access

2025-11-10 23:45:44 +01:00 · 2018-09-28 14:40:26 +02:00
parent 6361ae35c1
commit ed9b10b86f
2 changed files with 11 additions and 1 deletions
--- a/scm-webapp/src/main/java/sonia/scm/security/SecurityRequests.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/SecurityRequests.java
@@ -11,6 +11,7 @@ import static sonia.scm.api.v2.resources.ScmPathInfo.REST_API_PATH;
 public final class SecurityRequests {

  private static final Pattern URI_LOGIN_PATTERN = Pattern.compile(REST_API_PATH + "(?:/v2)?/auth/access_token");
+  private static final Pattern URI_INDEX_PATTERN = Pattern.compile(REST_API_PATH + "/v2/?");

  private SecurityRequests() {}

@@ -23,4 +24,13 @@ public final class SecurityRequests {
    return URI_LOGIN_PATTERN.matcher(uri).matches();
  }

+  public static boolean isIndexRequest(HttpServletRequest request) {
+    String uri = request.getRequestURI().substring(request.getContextPath().length());
+    return isAuthenticationRequest(uri);
+  }
+
+  public static boolean isIndexRequest(String uri) {
+    return URI_INDEX_PATTERN.matcher(uri).matches();
+  }
+
 }
--- a/scm-webapp/src/main/java/sonia/scm/web/security/ApiAuthenticationFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/ApiAuthenticationFilter.java
@@ -99,7 +99,7 @@ public class ApiAuthenticationFilter extends AuthenticationFilter
    throws IOException, ServletException
  {
    // skip filter on login resource
-    if (SecurityRequests.isAuthenticationRequest(request))
+    if (SecurityRequests.isAuthenticationRequest(request) || SecurityRequests.isIndexRequest(request))
    {
      chain.doFilter(request, response);
    }