AYS-379 | Actuator Endpoints Have Been Allowed to Use without Rate Limit

afet-yonetim-sistemi · Sep 26, 2024 · c6b1cd4 · c6b1cd4
1 parent daaf7d4
commit c6b1cd4
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/java/org/ays/auth/filter/AysBearerTokenAuthenticationFilter.java b/src/main/java/org/ays/auth/filter/AysBearerTokenAuthenticationFilter.java
@@ -102,7 +102,7 @@ protected void doFilterInternal(@NotNull HttpServletRequest httpServletRequest,
             final String tokenId = tokenService.getPayload(jwt).getId();
             invalidTokenService.checkForInvalidityOfToken(tokenId);
 
-            if (this.isNotAllowedPath(httpServletRequest) || isAuthorizedRateLimitEnabled) {
+            if (isAuthorizedRateLimitEnabled) {
                 boolean isRateLimitExceeded = this.isRateLimitExceeded(ipAddress, authorizedBuckets, httpServletResponse);
                 if (isRateLimitExceeded) {
                     return;