web: SecurityConfig: Whitelist paths do not require authHeader or ses…

…sion Signed-off-by: Shashank Verma <[email protected]>
CC-MNNIT · Sep 28, 2023 · 343e696 · 343e696
1 parent 36f8df6
commit 343e696
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/src/main/kotlin/com/mnnit/moticlubs/web/security/SecurityConfig.kt b/src/main/kotlin/com/mnnit/moticlubs/web/security/SecurityConfig.kt
@@ -108,6 +108,13 @@ class SecurityConfig(
 
             val reqPath = exchange.request.path.value()
 
+            if (AUTH_WHITELIST_PATH
+                    .map { "$contextPath$it" }
+                    .any { reqPath.startsWith(it) }
+            ) {
+                return@setServerAuthenticationConverter Mono.empty()
+            }
+
             LOGGER.info("attempt path: ${exchange.request.method.name()} ${exchange.request.path.value()}")
             val authHeader = exchange.request.headers[HttpHeaders.AUTHORIZATION]
                 ?.first()
@@ -118,10 +125,6 @@ class SecurityConfig(
                 val validSession = session.isStarted && !session.isExpired
 
                 authHeader ?: return@flatMap when {
-                    AUTH_WHITELIST_PATH
-                        .map { "$contextPath$it" }
-                        .any { reqPath.startsWith(it) } -> Mono.empty()
-
                     reqPath.startsWith("$contextPath/$BASE_PATH") -> if (validSession) {
                         Mono.empty()
                     } else {