From 37615fa4d65fa30790065a4f51d965c8257e3ddb Mon Sep 17 00:00:00 2001 From: Fiete Ostkamp Date: Fri, 27 Jun 2025 09:37:32 +0200 Subject: [PATCH] Allow access to the /error page - permit access to /error to fix auth issues related to the user loosing his authentication before being redirected to the error page Issue-ID: SO-4188 Change-Id: Iae17a7a8a2f8f12974c5b0fea7208c53244d94db Signed-off-by: Fiete Ostkamp --- .../java/org/onap/so/security/SoBasicHttpSecurityConfigurer.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/common/src/main/java/org/onap/so/security/SoBasicHttpSecurityConfigurer.java b/common/src/main/java/org/onap/so/security/SoBasicHttpSecurityConfigurer.java index da989ee42a..7c04580a78 100644 --- a/common/src/main/java/org/onap/so/security/SoBasicHttpSecurityConfigurer.java +++ b/common/src/main/java/org/onap/so/security/SoBasicHttpSecurityConfigurer.java @@ -5,15 +5,15 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * + * * SPDX-License-Identifier: Apache-2.0 * ============LICENSE_END========================================================= */ @@ -36,7 +36,7 @@ public class SoBasicHttpSecurityConfigurer implements HttpSecurityConfigurer { @Override public void configure(final HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/error").permitAll() .antMatchers("/**") .hasAnyRole(StringUtils.collectionToDelimitedString(soUserCredentialConfiguration.getRoles(), ",")) .and().httpBasic(); -- 2.16.6