Skip to content

fix: Update public endpoint processing. #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lukaDjordjevic01 merged 1 commit into from
Feb 17, 2026
Merged

fix: Update public endpoint processing. #6

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 25 additions & 7 deletions src/main/java/com/devoops/gateway/filter/JwtAuthenticationFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
import org.jspecify.annotations.NonNull;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
Expand All @@ -23,10 +24,24 @@
@Order(Ordered.HIGHEST_PRECEDENCE + 10)
public class JwtAuthenticationFilter extends OncePerRequestFilter {

private static final List<String> PUBLIC_PATHS = List.of(
"/api/user/auth/**",
"/api/user/test",
"/actuator/**"
private record PublicEndpoint(String pattern, HttpMethod... methods) {
boolean matchesMethod(String method) {
if (methods.length == 0) {
return true; // No method restriction = all methods allowed
}
return Arrays.stream(methods).anyMatch(m -> m.name().equalsIgnoreCase(method));
}
}

private static final List<PublicEndpoint> PUBLIC_ENDPOINTS = List.of(
// Auth endpoints - all methods
new PublicEndpoint("/api/user/auth/**"),
new PublicEndpoint("/api/user/test"),
new PublicEndpoint("/actuator/**"),
// Accommodation endpoints - GET only
new PublicEndpoint("/api/accommodation", HttpMethod.GET),
new PublicEndpoint("/api/accommodation/*/photos", HttpMethod.GET),
new PublicEndpoint("/api/accommodation/*/photos/*", HttpMethod.GET)
);

private final AntPathMatcher pathMatcher = new AntPathMatcher();
Expand All @@ -41,8 +56,9 @@ protected void doFilterInternal(@NonNull HttpServletRequest request,
@NonNull HttpServletResponse response,
@NonNull FilterChain filterChain) throws ServletException, IOException {
String path = request.getRequestURI();
String method = request.getMethod();

if (isPublicPath(path)) {
if (isPublicEndpoint(path, method)) {
filterChain.doFilter(request, response);
return;
}
Expand Down Expand Up @@ -76,8 +92,10 @@ protected void doFilterInternal(@NonNull HttpServletRequest request,
}
}

private boolean isPublicPath(String path) {
return PUBLIC_PATHS.stream().anyMatch(pattern -> pathMatcher.match(pattern, path));
private boolean isPublicEndpoint(String path, String method) {
return PUBLIC_ENDPOINTS.stream()
.anyMatch(endpoint ->
pathMatcher.match(endpoint.pattern(), path) && endpoint.matchesMethod(method));
}

private void sendError(HttpServletResponse response, String message) throws IOException {
Expand Down