fix: exclude resource/download ssoInterceptor

[msslulu]

English | 简体中文

PR

PR Checklist

Please check if your PR fulfills the following requirements:

• The commit message follows our Commit Message Guidelines
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)
• Built its own designer, fully self-validated

PR Type

What kind of change does this PR introduce?

• Bugfix
• Feature
• Code style update (formatting, local variables)
• Refactoring (no functional changes, no api changes)
• Build related changes
• CI related changes
• Documentation content changes
• Other... Please describe:

Background and solution

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Does this PR introduce a breaking change?

• Yes
• No

Other information

Summary by CodeRabbit

• Bug Fixes
  • Updated authentication configuration to allow direct access to material center resource downloads, restoring uninterrupted download access for users. No other user-facing behavior changed.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Added the material-center resource download path to the SSO interceptor exclusion list in LoginConfig, updating the set of excluded paths without changing method signatures or control flow.

Changes

Cohort / File(s)	Summary
SSO Interceptor Configuration base/src/main/java/com/tinyengine/it/login/config/LoginConfig.java	Added "/material-center/api/resource/download/*" to excludePathPatterns alongside the existing chat completions pattern; comment "材料下载" added.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A download trail, soft and spry,
Hops past the gate without a sigh,
Materials glide on rails of light,
Free to fetch, swift and bright,
I nibble joy — a quiet byte. 🍃

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix: exclude resource/download ssoInterceptor' directly and specifically describes the main change: excluding a resource download path from the ssoInterceptor in the LoginConfig.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@base/src/main/java/com/tinyengine/it/login/config/LoginConfig.java`:
- Around line 45-46: LoginConfig currently whitelists
"/material-center/api/resource/download/*", making downloads publicly
accessible; confirm whether that is intentional. If it is intentional, document
the decision by adding a clear comment and/or configuration flag (e.g.,
allowPublicResourceDownloads) near the whitelist in LoginConfig and add a
unit/integration test that verifies public access; if it is NOT intentional,
remove "/material-center/api/resource/download/*" from the whitelist (or move it
behind SSO enforcement) so the download endpoints require authentication.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for how download endpoints are defined to understand the expected URL structure
echo "=== Searching for resource download endpoint definitions ==="
rg -n --type java -C3 'download|resource.*download' -g '!*Test*' | head -100

echo ""
echo "=== Searching for other excludePathPatterns usage to verify pattern style ==="
rg -n --type java 'excludePathPatterns' -C2 | head -100

echo ""
echo "=== Check the full LoginConfig.java file to understand context ==="
cat -n "base/src/main/java/com/tinyengine/it/login/config/LoginConfig.java" 2>/dev/null || echo "File not found at expected path"

echo ""
echo "=== Search for LoginConfig in the repository ==="
fd -t f "LoginConfig.java" 2>/dev/null

Repository: opentiny/tiny-engine-backend-java

Length of output: 4553

---

Confirm the security intent for unauthenticated resource downloads.

Excluding /material-center/api/resource/download/* from SSO means resource downloads will be accessible without authentication. Please confirm this is intentional and that these resources are meant to be publicly accessible.

🤖 Prompt for AI Agents

In `@base/src/main/java/com/tinyengine/it/login/config/LoginConfig.java` around
lines 45 - 46, LoginConfig currently whitelists
"/material-center/api/resource/download/*", making downloads publicly
accessible; confirm whether that is intentional. If it is intentional, document
the decision by adding a clear comment and/or configuration flag (e.g.,
allowPublicResourceDownloads) near the whitelist in LoginConfig and add a
unit/integration test that verifies public access; if it is NOT intentional,
remove "/material-center/api/resource/download/*" from the whitelist (or move it
behind SSO enforcement) so the download endpoints require authentication.