From 253ea847efd0c3e951ce3f37554e1df1495ecd2b Mon Sep 17 00:00:00 2001
From: Ryan Doherty <tech@conical.org>
Date: Tue, 10 Feb 2026 23:06:43 -0500
Subject: [PATCH] Disallow all but registered users to access jbrowse endpoints

---
 .../apicommon/service/filter/ApiCheckLoginFilter.java  | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Service/src/main/java/org/apidb/apicommon/service/filter/ApiCheckLoginFilter.java b/Service/src/main/java/org/apidb/apicommon/service/filter/ApiCheckLoginFilter.java
index c1a01e2bd..a4a423050 100644
--- a/Service/src/main/java/org/apidb/apicommon/service/filter/ApiCheckLoginFilter.java
+++ b/Service/src/main/java/org/apidb/apicommon/service/filter/ApiCheckLoginFilter.java
@@ -8,10 +8,10 @@
 public class ApiCheckLoginFilter extends CheckLoginFilter {
 
   @Override
-  protected boolean isPathToSkip(String path) {
-    return super.isPathToSkip(path)
-        || (path.startsWith("jbrowse") && !path.startsWith("jbrowse2"))
-        || path.startsWith("profileSet");
+  protected boolean isGuestUserAllowed(String path) {
+    if ((path.startsWith("jbrowse") && !path.startsWith("jbrowse2")) || path.startsWith("profileSet")) {
+      return false;
+    }
+    return super.isGuestUserAllowed(path);
   }
-
 }