AYS-379 | Actuator Endpoints Have Been Allowed to Use without Rate Limit

Author: agitrubard

src/main/java/org/ays/auth/filter/AysBearerTokenAuthenticationFilter.java

@@ -102,7 +102,7 @@ protected void doFilterInternal(@NotNull HttpServletRequest httpServletRequest,
             final String tokenId = tokenService.getPayload(jwt).getId();
             invalidTokenService.checkForInvalidityOfToken(tokenId);
 
-            if (this.isNotAllowedPath(httpServletRequest) || isAuthorizedRateLimitEnabled) {
+            if (isAuthorizedRateLimitEnabled) {
                 boolean isRateLimitExceeded = this.isRateLimitExceeded(ipAddress, authorizedBuckets, httpServletResponse);
                 if (isRateLimitExceeded) {
                     return;