From 00a15eb7db7cf98e30319124727423c770e2d23f Mon Sep 17 00:00:00 2001
From: Antonio Lorusso
Date: Fri, 17 Nov 2023 12:28:04 +0000
Subject: [PATCH] add enpoint to whitelist
---
 .../gap/adminbackend/security/WebSecurityConfig.java | 3 ++-
 .../security/interceptors/AuthorizationHeaderInterceptor.java | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/main/java/gov/cabinetoffice/gap/adminbackend/security/WebSecurityConfig.java b/src/main/java/gov/cabinetoffice/gap/adminbackend/security/WebSecurityConfig.java
index fe204d09..35651188 100644
--- a/src/main/java/gov/cabinetoffice/gap/adminbackend/security/WebSecurityConfig.java
+++ b/src/main/java/gov/cabinetoffice/gap/adminbackend/security/WebSecurityConfig.java
@@ -47,7 +47,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 "/webjars/**")
 .permitAll()
 // TODO list all the endpoint for the spotlightPublisherLambda
- .antMatchers("/spotlight-batch/**").permitAll().anyRequest().authenticated())
+ .antMatchers("/spotlight-batch/**", "/spotlight-submissions/**").permitAll().anyRequest()
+ .authenticated())
 .formLogin().disable().httpBasic().disable().logout().disable().csrf().disable().exceptionHandling()
 .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
diff --git a/src/main/java/gov/cabinetoffice/gap/adminbackend/security/interceptors/AuthorizationHeaderInterceptor.java b/src/main/java/gov/cabinetoffice/gap/adminbackend/security/interceptors/AuthorizationHeaderInterceptor.java
index d3ec274c..27b78b75 100644
--- a/src/main/java/gov/cabinetoffice/gap/adminbackend/security/interceptors/AuthorizationHeaderInterceptor.java
+++ b/src/main/java/gov/cabinetoffice/gap/adminbackend/security/interceptors/AuthorizationHeaderInterceptor.java
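Review bot: Putting `/spotlight-submissions/**` under `permitAll()` removes Spring Security's authentication requirement from every current and future handler below that prefix, so the only remaining gate is AuthorizationHeaderInterceptor, whose `if (annotation != null)` branch (second file of this patch) checks the header only on methods carrying `@SpotlightPublisherHeaderValidator`. A handler under this prefix that lacks the annotation would presumably be reachable with no credentials at all; the controller is not part of this patch, so that needs confirming. The TODO above the changed line already asks for the endpoints to be listed: prefer exact matchers such as `.antMatchers("/spotlight-submissions/<exact-path>").permitAll()` (placeholder path) over the wildcard, and add a test asserting that every mapping under both whitelisted prefixes carries the annotation. The `filterChain` body starts and ends outside the hunk.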
@@ -22,12 +22,14 @@ public AuthorizationHeaderInterceptor(String expectedAuthorizationValue) {
 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+ log.info("Intercepting request: " + request.getRequestURI());
 if (handler instanceof HandlerMethod) {
 final HandlerMethod handlerMethod = (HandlerMethod) handler;
 final Method method = handlerMethod.getMethod();
 SpotlightPublisherHeaderValidator annotation = method
 .getAnnotation(SpotlightPublisherHeaderValidator.class);
+ log.info("SpotlightPublisherHeaderValidator: " + annotation);
 if (annotation != null) {
 final String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
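Review bot: The two added `log.info` calls in `preHandle` look like debugging traces and run on every intercepted request: they write the client-supplied request URI and the annotation's `toString()` (or `null`) at INFO, built by string concatenation. Assuming `log` is an SLF4J logger, lower them to debug and parameterize them, e.g. `log.debug("Intercepting request: {}", request.getRequestURI());` and `log.debug("SpotlightPublisherHeaderValidator present: {}", annotation != null);`. The event worth keeping at a higher level is a rejected header check on an annotated handler, logged without the header value itself; that branch, like the rest of `preHandle`, lies outside this hunk.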