From c4ee690417c5806abd62009b4dd8f0307a11e1fe Mon Sep 17 00:00:00 2001
From: Ruslan Forostianov <ruslan@se4.bio>
Date: Mon, 15 Jul 2024 15:48:54 +0200
Subject: [PATCH] Switch off spring security on public VS endpoints

For publishing and un-publishing we use token base authorisation
---
 .../java/org/cbioportal/security/config/ApiSecurityConfig.java   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/org/cbioportal/security/config/ApiSecurityConfig.java b/src/main/java/org/cbioportal/security/config/ApiSecurityConfig.java
index 51f8e07e99d..fccec0bfad8 100644
--- a/src/main/java/org/cbioportal/security/config/ApiSecurityConfig.java
+++ b/src/main/java/org/cbioportal/security/config/ApiSecurityConfig.java
@@ -39,6 +39,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http, @Nullable Data
                     "/api/swagger-resources/**",
                     "/api/swagger-ui.html",
                     "/api/health",
+                    "/api/public_virtual_studies/**",
                     "/api/cache/**").permitAll()
                 .anyRequest().authenticated()
             )