From 734b96b8616326ce39703465f5092b1c459f885a Mon Sep 17 00:00:00 2001
From: Dominick Leppich <dominick.leppich@intranda.com>
Date: Wed, 18 Sep 2024 08:30:59 +0200
Subject: [PATCH] fix: always allow API documentation route

---
 .../io/goobi/vocabulary/security/SecurityConfiguration.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/module-core/src/main/java/io/goobi/vocabulary/security/SecurityConfiguration.java b/module-core/src/main/java/io/goobi/vocabulary/security/SecurityConfiguration.java
index b1027cc..2ddf272 100644
--- a/module-core/src/main/java/io/goobi/vocabulary/security/SecurityConfiguration.java
+++ b/module-core/src/main/java/io/goobi/vocabulary/security/SecurityConfiguration.java
@@ -23,8 +23,8 @@ public SecurityConfiguration(BearerTokenAuthFilter bearerTokenAuthFilter) {
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http.csrf(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(auth -> auth
-                        .dispatcherTypeMatchers(DispatcherType.ASYNC)
-                        .permitAll()
+                        .dispatcherTypeMatchers(DispatcherType.ASYNC).permitAll()
+                        .requestMatchers("/docs/**").permitAll()
                         .anyRequest()
                         .authenticated()
                 )