cabinetoffice · a-lor-cab · Nov 17, 2023 · Nov 17, 2023
diff --git a/src/main/java/gov/cabinetoffice/gap/adminbackend/security/WebSecurityConfig.java b/src/main/java/gov/cabinetoffice/gap/adminbackend/security/WebSecurityConfig.java
@@ -47,7 +47,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                                 "/webjars/**")
                         .permitAll()
                         // TODO list all the endpoint for the spotlightPublisherLambda
-                        .antMatchers("/spotlight-batch/**").permitAll().anyRequest().authenticated())
+                        .antMatchers("/spotlight-batch/**", "/spotlight-submissions/**").permitAll().anyRequest()
+                        .authenticated())
 
                 .formLogin().disable().httpBasic().disable().logout().disable().csrf().disable().exceptionHandling()
                 .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));

diff --git a/.../cabinetoffice/gap/adminbackend/security/interceptors/AuthorizationHeaderInterceptor.java b/.../cabinetoffice/gap/adminbackend/security/interceptors/AuthorizationHeaderInterceptor.java
@@ -22,12 +22,14 @@ public AuthorizationHeaderInterceptor(String expectedAuthorizationValue) {
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        log.info("Intercepting request: " + request.getRequestURI());
         if (handler instanceof HandlerMethod) {
             final HandlerMethod handlerMethod = (HandlerMethod) handler;
             final Method method = handlerMethod.getMethod();
 
             SpotlightPublisherHeaderValidator annotation = method
                     .getAnnotation(SpotlightPublisherHeaderValidator.class);
+            log.info("SpotlightPublisherHeaderValidator: " + annotation);
 
             if (annotation != null) {
                 final String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);