permit /token on the auth step after the SecureTokenFilter

eclipse-tractusx · Jan 19, 2024 · 9520502 · 9520502
1 parent 3e7c9d0
commit 9520502
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/...main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java b/...main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java
@@ -78,6 +78,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         .requestMatchers(new AntPathRequestMatcher("/docs/api-docs/**")).permitAll()
                         .requestMatchers(new AntPathRequestMatcher("/ui/swagger-ui/**")).permitAll()
                         .requestMatchers(new AntPathRequestMatcher("/actuator/health/**")).permitAll()
+                        .requestMatchers("/token").permitAll() // no token needed, as we use the SecureWebTokenFilter instead
                         .requestMatchers(new AntPathRequestMatcher("/actuator/loggers/**")).hasRole(ApplicationRole.ROLE_MANAGE_APP)
 
                         //did document resolve APIs