fix: cleanup the CertificateOrAuthProtectedEndpoints security config

Signed-off-by: Richard Salac <[email protected]>
zowe · Feb 5, 2025 · 7d8edfe · 7d8edfe
1 parent b1ad98f
commit 7d8edfe
Showing 1 changed file with 4 additions and 13 deletions.
diff --git a/zaas-service/src/main/java/org/zowe/apiml/zaas/security/config/NewSecurityConfiguration.java b/zaas-service/src/main/java/org/zowe/apiml/zaas/security/config/NewSecurityConfiguration.java
@@ -502,15 +502,6 @@ class CertificateOrAuthProtectedEndpoints {
             private final CompoundAuthProvider compoundAuthProvider;
             private final AuthenticationProvider tokenAuthenticationProvider;
 
-            private final String[] protectedEndpoints = {
-                SafResourceAccessController.FULL_CONTEXT_PATH,
-                "/application",
-                "/gateway/conformance",
-                "/gateway/api/v1/conformance",
-                "/gateway/validate",
-                "/gateway/api/v1/validate"
-            };
-
             @Bean
             public SecurityFilterChain certificateOrAuthEndpointsFilterChain(HttpSecurity http) throws Exception {
                 baseConfigure(
@@ -529,7 +520,7 @@ public SecurityFilterChain certificateOrAuthEndpointsFilterChain(HttpSecurity ht
                         // filter out API ML certificate
                         .addFilterBefore(reversedCategorizeCertFilter(), org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter.class);
                 } else {
-                    http.addFilterAfter(new CategorizeCertsFilter(publicKeyCertificatesBase64, certificateValidator), org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter.class);
+                    http.x509(x509 -> x509.userDetailsService(x509UserDetailsService())); // default x509 filter, authenticates trusted cert
                 }
 
                 return http.authenticationProvider(compoundAuthProvider) // for authenticating credentials
@@ -558,7 +549,7 @@ private BasicContentFilter basicFilter(AuthenticationManager authenticationManag
                         authenticationManager,
                         handlerInitializer.getAuthenticationFailureHandler(),
                         handlerInitializer.getResourceAccessExceptionHandler(),
-                        protectedEndpoints);
+                        new String[] {"/"});
                 }
 
                 /**
@@ -570,7 +561,7 @@ private CookieContentFilter cookieFilter(AuthenticationManager authenticationMan
                         handlerInitializer.getAuthenticationFailureHandler(),
                         handlerInitializer.getResourceAccessExceptionHandler(),
                         authConfigurationProperties,
-                        protectedEndpoints);
+                        new String[] {"/"});
                 }
 
                 /**
@@ -581,7 +572,7 @@ private BearerContentFilter bearerContentFilter(AuthenticationManager authentica
                         authenticationManager,
                         handlerInitializer.getAuthenticationFailureHandler(),
                         handlerInitializer.getResourceAccessExceptionHandler(),
-                        protectedEndpoints);
+                        new String[] {"/"});
                 }
             }