fix: Do not require auth on CORS preflights

org.eclipse.lyo.oslc4j.codegenerator/src/org/eclipse/lyo/oslc4j/codegenerator/files/generateCredentialsFilter.mtl

@@ -119,16 +119,27 @@ public class [anAdaptorInterface.javaClassNameForCredentialsFilter() /] implemen
      * @return true - the resource is protected, otherwise false
      */
     private boolean isProtectedResource(HttpServletRequest httpRequest) {
-        if (ignoreResourceProtection) {
-            return false;
-        }
         String pathInfo = httpRequest.getPathInfo();
 
         //'protectedResource' defines the basic set of requests that needs to be protected. 
         //You can override this defintion in the user protected code block below.
+        // Do not protect OSLC resources needed for initial discovery
         boolean protectedResource = !pathInfo.startsWith("/rootservices") && !pathInfo.startsWith("/oauth");
+        // Do not protect CORS preflight requests
+        if (protectedResource) {
+            String method = httpRequest.getMethod();
+            if ("OPTIONS".equalsIgnoreCase(method)) {
+                protectedResource = false;
+            }
+        }
+        // Only for debugging!
+        if (ignoreResourceProtection) {
+            protectedResource = false;
+        }
+        // Here you can override or extend the checks
         // [protected ('isProtectedResource')]
         // [/protected]
+
         return protectedResource;
     }