🔧 add new sec rule to backend: allow /public/** endpoints to be used unauthorized

FabianWilms · FabianWilms · commit eddbfa5da9e3 · 2025-09-02T08:51:33.000+02:00
diff --git a/personalization-service/src/main/java/de/muenchen/dbs/personalization/configuration/SecurityConfiguration.java b/personalization-service/src/main/java/de/muenchen/dbs/personalization/configuration/SecurityConfiguration.java
@@ -52,7 +52,8 @@ public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception
                         // allow access to swagger-ui
                         PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/swagger-ui/**"),
                         // allow access to /actuator/metrics for Prometheus monitoring in OpenShift
-                        PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/actuator/metrics"))
+                        PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/actuator/metrics"),
+                        PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/public/**"))
                         .permitAll())
                 .authorizeHttpRequests((requests) -> requests.requestMatchers("/**")
                         .authenticated())
