From 67db57ba4114c7eb43ecadbd3cbf5ab9afb55833 Mon Sep 17 00:00:00 2001 From: Anton Tananaev Date: Wed, 20 Jan 2016 09:30:19 +1300 Subject: Try to authenticate all requests --- src/org/traccar/api/SecurityRequestFilter.java | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java index f207b6bff..20186b0cb 100644 --- a/src/org/traccar/api/SecurityRequestFilter.java +++ b/src/org/traccar/api/SecurityRequestFilter.java @@ -55,11 +55,6 @@ public class SecurityRequestFilter implements ContainerRequestFilter { @Override public void filter(ContainerRequestContext requestContext) { - Method method = resourceInfo.getResourceMethod(); - if (method.isAnnotationPresent(PermitAll.class)) { - return; - } - SecurityContext securityContext = null; String authHeader = requestContext.getHeaderString(AUTHORIZATION_HEADER); @@ -87,8 +82,11 @@ public class SecurityRequestFilter implements ContainerRequestFilter { if (securityContext != null) { requestContext.setSecurityContext(securityContext); } else { - throw new WebApplicationException( - Response.status(Response.Status.UNAUTHORIZED).header(WWW_AUTHENTICATE, BASIC_REALM).build()); + Method method = resourceInfo.getResourceMethod(); + if (!method.isAnnotationPresent(PermitAll.class)) { + throw new WebApplicationException( + Response.status(Response.Status.UNAUTHORIZED).header(WWW_AUTHENTICATE, BASIC_REALM).build()); + } } } -- cgit v1.2.3