From 67db57ba4114c7eb43ecadbd3cbf5ab9afb55833 Mon Sep 17 00:00:00 2001
From: Anton Tananaev <anton.tananaev@gmail.com>
Date: Wed, 20 Jan 2016 09:30:19 +1300
Subject: Try to authenticate all requests

---
 src/org/traccar/api/SecurityRequestFilter.java | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

(limited to 'src/org/traccar/api')

diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java
index f207b6bff..20186b0cb 100644
--- a/src/org/traccar/api/SecurityRequestFilter.java
+++ b/src/org/traccar/api/SecurityRequestFilter.java
@@ -55,11 +55,6 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
 
     @Override
     public void filter(ContainerRequestContext requestContext) {
-        Method method = resourceInfo.getResourceMethod();
-        if (method.isAnnotationPresent(PermitAll.class)) {
-            return;
-        }
-
         SecurityContext securityContext = null;
 
         String authHeader = requestContext.getHeaderString(AUTHORIZATION_HEADER);
@@ -87,8 +82,11 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
         if (securityContext != null) {
             requestContext.setSecurityContext(securityContext);
         } else {
-            throw new WebApplicationException(
-                    Response.status(Response.Status.UNAUTHORIZED).header(WWW_AUTHENTICATE, BASIC_REALM).build());
+            Method method = resourceInfo.getResourceMethod();
+            if (!method.isAnnotationPresent(PermitAll.class)) {
+                throw new WebApplicationException(
+                        Response.status(Response.Status.UNAUTHORIZED).header(WWW_AUTHENTICATE, BASIC_REALM).build());
+            }
         }
     }
 
-- 
cgit v1.2.3