Thulasi Dass Subramanian · 57ffbf1a · 90a3e41a · 65272c7e · 481b8237 · c996f87d
--- a/provider/search-azure/src/main/java/org/opengroup/osdu/search/provider/azure/security/AADSecurityConfig.java

+ 10

− 10
+++ b/provider/search-azure/src/main/java/org/opengroup/osdu/search/provider/azure/security/AADSecurityConfig.java

+ 10

− 10
 @@ -31,6 +31,15 @@ public class AADSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private AADAppRoleStatelessAuthenticationFilter appRoleAuthFilter;

+    public static final String[] AUTH_ALLOWLIST = {"/", "/index.html",
+            "/api-docs.yaml",
+            "/api-docs/swagger-config",
+            "/api-docs/**",
+            "/swagger",
+            "/swagger-ui.html",
+            "/swagger-ui/**"
+    };
+
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
 @@ -38,16 +47,7 @@ public class AADSecurityConfig extends WebSecurityConfigurerAdapter {
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
            .and()
            .authorizeRequests()
-                .antMatchers("/", "/index.html",
-                        "/v2/api-docs",
-                        "/v3/api-docs",
-                        "/configuration/ui",
-                        "/swagger-resources/**",
-                        "/configuration/security",
-                        "/swagger",
-                        "/swagger-ui.html",
-                        "/swagger-ui/**",
-                        "/webjars/**").permitAll()
+                .antMatchers(AUTH_ALLOWLIST).permitAll()
                .anyRequest().authenticated()
            .and()
            .addFilterBefore(appRoleAuthFilter, UsernamePasswordAuthenticationFilter.class);