orcid-api-web/src/main/resources
orcid-internal-api/src/main/resources
2020 <sec : http pattern =" /v2**/o2c.html" security =" none" />
2121 <sec : http pattern =" /v3**/o2c.html" security =" none" />
2222
23- <!-- Status check -->
24- <sec : http pattern =" /v*/status" security =" none" />
25- <sec : http pattern =" /v*/apiStatus" security =" none" />
23+ <!-- Status checks allow anonymous access, but still process bearer tokens when present -->
24+ <sec : http pattern =" /v*/status" create-session =" stateless" >
25+ <sec : csrf disabled =" true" />
26+ <sec : anonymous enabled =" true" />
27+ <sec : http-basic entry-point-ref =" apiAuthenticationEntryPoint" />
28+ <sec : custom-filter ref =" orcidBearerTokenFilter" before =" PRE_AUTH_FILTER" />
29+ <sec : intercept-url pattern =" /**" access =" permitAll" />
30+ <sec : access-denied-handler ref =" orcidAPIAccessDeniedHandler" />
31+ </sec : http >
32+
33+ <sec : http pattern =" /v*/apiStatus" create-session =" stateless" >
34+ <sec : csrf disabled =" true" />
35+ <sec : anonymous enabled =" true" />
36+ <sec : http-basic entry-point-ref =" apiAuthenticationEntryPoint" />
37+ <sec : custom-filter ref =" orcidBearerTokenFilter" before =" PRE_AUTH_FILTER" />
38+ <sec : intercept-url pattern =" /**" access =" permitAll" />
39+ <sec : access-denied-handler ref =" orcidAPIAccessDeniedHandler" />
40+ </sec : http >
2641
2742 <!-- Token endpoint -->
2843 <sec : http pattern =" /oauth/token" security =" none" />
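Review bot: The `<sec:http-basic entry-point-ref="apiAuthenticationEntryPoint" />` child in the new `/v*/status` chain turns on Basic authentication processing for an endpoint that previously ran no security filters, so an `Authorization: Basic` header sent to a status URL is now presumably checked against the authentication manager even though every request is `permitAll`. If the element is only there to give the chain an entry point, declaring it on the chain keeps the same 401 handling without adding a credential-checking path to a public endpoint: `<sec:http pattern="/v*/status" create-session="stateless" entry-point-ref="apiAuthenticationEntryPoint">`, with the `http-basic` line dropped. The same applies to the `/v*/apiStatus` chain below it and to the `/status` chain added in orcid-internal-api. The bean definitions and the catch-all chain are outside the visible lines, so whether Basic credentials are meant to work on these URLs should be confirmed before changing it.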
1212 <!-- Token endpoint -->
1313 <sec : http pattern =" /oauth/token" security =" none" />
1414
15+ <!-- Status check allows anonymous access, but still processes bearer tokens when present -->
16+ <sec : http pattern =" /status" create-session =" stateless" >
17+ <sec : csrf disabled =" true" />
18+ <sec : anonymous enabled =" true" />
19+ <sec : http-basic entry-point-ref =" apiAuthenticationEntryPoint" />
20+ <sec : custom-filter ref =" orcidBearerTokenFilter" before =" PRE_AUTH_FILTER" />
21+ <sec : intercept-url pattern =" /**" access =" permitAll" />
22+ <sec : access-denied-handler ref =" orcidAPIAccessDeniedHandler" />
23+ </sec : http >
24+
1525 <sec : http create-session =" stateless" >
1626 <sec : csrf disabled =" true" />
1727 <sec : anonymous enabled =" true" />
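Review bot: Nothing in this section shows what `orcidBearerTokenFilter` does with a bearer token that is present but invalid or expired, and that decides whether `/status` really stays anonymously reachable as the new comment says. If the filter rejects such a request instead of letting it continue unauthenticated, a monitoring probe that sends a stale `Authorization: Bearer` header gets an error from a health endpoint, and the difference between the success and error responses tells an unauthenticated caller whether a token is valid. Each token-bearing request presumably also triggers a token lookup on a path that ran no filters before this change, so it is worth confirming that rate limiting covers it. I would state the intended behaviour in the comment, for example `<!-- Status check: anonymous access allowed; a bearer token, if sent, is validated and an invalid token is rejected with 401 -->` (or the opposite, whichever is intended), and add a test for the invalid-token case. The chain that starts on the context lines after the new block continues outside the visible lines.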