AB2D-6303 Get CapabilityStatement without bearer token #1394
🎫 Ticket
https://jira.cms.gov/browse/AB2D-6303
🛠 Changes
Reordered antMatchers in SecurityConfig so that authExceptions come first.
Expanded the authExceptions for metadata from "/metadata" to "**/metadata" so that it works with v1 and v2. Added a /metadata clause to shouldBePublic.
ℹ️ Context
In order to conform with the Bulk Data IG (and pretty much any server IG) it should be possible to get a CapabilityStatement from the /metadata endpoint without having a bearer token.
🧪 Validation
Deployed branch to IMPL and checked to see that you can get a CapabilityStatement from the /metadata endpoint for both v1 and v2 by using Postman.
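The effect of both changes on a first-match-wins rule list can be checked with a small model. This is an added example, not code from the PR or the AB2D project. The matcher is a simplified Ant-style matcher written for the example (not Spring's), and the catch-all rule, the URL layout and the sample paths are assumptions.

```python
import re

def ant_to_regex(pattern):
    """Simplified Ant-style matching written for this example (not Spring's
    matcher): '**' spans segments, '*' stays in one segment, '?' is one char."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out)

def decide(rules, path):
    """First rule whose pattern matches decides; nothing matching means deny."""
    for pattern, access in rules:
        if ant_to_regex(pattern).fullmatch(path):
            return access
    return "denyAll"

def public_paths(rules, paths):
    """Paths that the rule list serves without authentication."""
    return [p for p in paths if decide(rules, p) == "permitAll"]

def unexpected_public(rules, paths, expected):
    """Regression check: paths reachable without a token that nobody listed."""
    return [p for p in public_paths(rules, paths) if p not in expected]

CATCH_ALL = ("/**", "authenticated")                        # assumed catch-all rule
EXCEPTION_LAST = [CATCH_ALL, ("**/metadata", "permitAll")]  # exception listed too late
OLD_PATTERN = [("/metadata", "permitAll"), CATCH_ALL]       # old pattern, exception first
REORDERED = [("**/metadata", "permitAll"), CATCH_ALL]       # order and pattern from the PR

# Constructed request paths; the URL layout is an assumption, not taken from the PR.
PATHS = [
    "/api/v1/fhir/metadata",
    "/api/v2/fhir/metadata",
    "/api/v1/fhir/Patient/$export",
    "/api/v2/fhir/Job/123/metadata",  # hypothetical route that merely ends in /metadata
]
EXPECTED_PUBLIC = {"/api/v1/fhir/metadata", "/api/v2/fhir/metadata"}

if __name__ == "__main__":
    for name, rules in [("exception last", EXCEPTION_LAST),
                        ("old pattern", OLD_PATTERN), ("reordered", REORDERED)]:
        print(name, public_paths(rules, PATHS))
    print("unexpected:", unexpected_public(REORDERED, PATHS, EXPECTED_PUBLIC))
```

In this model the suffix pattern also opens any other route that ends in /metadata, which is what `unexpected_public` reports against the allow-list of expected public paths.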