ForcePasswordChangeFilter should not run on /ws

openmrs · Oct 10, 2024 · fea2c6e · fea2c6e
1 parent d111cdf
commit fea2c6e
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/omod/src/main/java/org/openmrs/module/web/filter/ForcePasswordChangeFilter.java b/omod/src/main/java/org/openmrs/module/web/filter/ForcePasswordChangeFilter.java
@@ -50,7 +50,8 @@ public void destroy() {
 	 */
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
 	        ServletException {
-		String requestURI = ((HttpServletRequest) request).getRequestURI();
+		HttpServletRequest httpRequest = (HttpServletRequest) request;
+		String requestURI = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());
 
 		if (Context.isAuthenticated()
 		        && new UserProperties(Context.getAuthenticatedUser().getUserProperties()).isSupposedToChangePassword()
@@ -65,10 +66,13 @@ && shouldNotAllowAccessToUrl(requestURI)) {
 	 * Method to check if the request url is an excluded url.
 	 * 
 	 * @param requestURI
-	 * @param excludeURL
 	 * @return
 	 */
 	private boolean shouldNotAllowAccessToUrl(String requestURI) {
+		// /ws is reserved
+		if (requestURI.startsWith("/ws")) {
+			return false;
+		}
 
 		for (String url : excludedURLs) {
 			if (requestURI.endsWith(url)) {