diff options
-rw-r--r-- | src/org/traccar/api/SecurityRequestFilter.java | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java index f207b6bff..20186b0cb 100644 --- a/src/org/traccar/api/SecurityRequestFilter.java +++ b/src/org/traccar/api/SecurityRequestFilter.java @@ -55,11 +55,6 @@ public class SecurityRequestFilter implements ContainerRequestFilter { @Override public void filter(ContainerRequestContext requestContext) { - Method method = resourceInfo.getResourceMethod(); - if (method.isAnnotationPresent(PermitAll.class)) { - return; - } - SecurityContext securityContext = null; String authHeader = requestContext.getHeaderString(AUTHORIZATION_HEADER); @@ -87,8 +82,11 @@ public class SecurityRequestFilter implements ContainerRequestFilter { if (securityContext != null) { requestContext.setSecurityContext(securityContext); } else { - throw new WebApplicationException( - Response.status(Response.Status.UNAUTHORIZED).header(WWW_AUTHENTICATE, BASIC_REALM).build()); + Method method = resourceInfo.getResourceMethod(); + if (!method.isAnnotationPresent(PermitAll.class)) { + throw new WebApplicationException( + Response.status(Response.Status.UNAUTHORIZED).header(WWW_AUTHENTICATE, BASIC_REALM).build()); + } } } |