geonetwork / core-geonetwork

GeoNetwork is a catalog application to manage spatially referenced resources. It provides powerful metadata editing and search functions as well as an interactive web map viewer. It is currently used in numerous Spatial Data Infrastructure initiatives across the world.
http://geonetwork-opensource.org/
GNU General Public License v2.0

Java error when trying to add a WMS layer in the map while not being logged in Geonetwork #7267

Open gioman opened 1 year ago

gioman commented 1 year ago

Describe the bug If I'm not logged into GN, then trying to add a WMS layer on the map from a WMS endpoint always results in an error, which in the logs reads as

"java.lang.IllegalStateException: Cannot call sendError() after the response has been committed"

To be precise:

HTTP Status 500 – Internal Server Error

Type Exception Report

Message Cannot call sendError() after the response has been committed

Description The server encountered an unexpected condition that prevented it from fulfilling the request.

Exception

java.lang.IllegalStateException: Cannot call sendError() after the response has been committed
    org.apache.catalina.connector.ResponseFacade.sendError(ResponseFacade.java:456)
    javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:120)
    javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:120)
    org.springframework.security.web.util.OnCommittedResponseWrapper.sendError(OnCommittedResponseWrapper.java:126)
    javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:120)
    javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:120)
    org.fao.geonet.monitor.webapp.WebappMetricsFilter$StatusExposingServletResponse.sendError(WebappMetricsFilter.java:154)
    org.fao.geonet.proxy.URITemplateProxyServlet.service(URITemplateProxyServlet.java:390)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    org.fao.geonet.monitor.webapp.WebappMetricsFilter.doFilter(WebappMetricsFilter.java:121)
    org.fao.geonet.monitor.webapp.MetricsRegistryInitializerFilter.doFilter(MetricsRegistryInitializerFilter.java:58)
    org.fao.geonet.web.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:110)
    org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
    org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
    org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
    org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394)
    org.fao.geonet.web.CORSResponseFilter.doFilter(CORSResponseFilter.java:133)
    org.fao.geonet.web.GeoNetworkPortalFilter.doFilter(GeoNetworkPortalFilter.java:103)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:337)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
    org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)
    org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)
    org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:166)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    jeeves.config.springutil.PassthroughFilter.doFilter(PassthroughFilter.java:50)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)
    org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)
    org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221)
    org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
    jeeves.config.springutil.JeevesDelegatingFilterProxy.doFilter(JeevesDelegatingFilterProxy.java:74)
    org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)

To Reproduce Steps to reproduce the behavior:

  1. Open GN home page
  2. Click on 'map > Add a Layer from > services > type a WMS service URL'
  3. Enter the WMS URL > "Returned status '500'. You should check the URL or check that the service is running. "
  4. But the remote WMS service is fine, also if I repeat while being logged into GN (regardless of the role) it works OK

This also happens when a link to an online resource (WMS) is added to a metadata entry and a WMS layer is subsequently chosen. Any attempt to add that layer to the map causes the same error.


gioman commented 1 year ago

Fixed with

https://geonetwork-opensource.org/manuals/4.0.x/en/maintainer-guide/production-use/index.html#web-proxy

thanks to a tip from @jodygarnett (kudos). Anyway, I'm left guessing: is that feature really supposed to not work in a vanilla GN installation?

jodygarnett commented 1 year ago

I expect so, in order to avoid SSRF.
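The SSRF concern behind that default, as an added example (not GeoNetwork's code and not from this thread): a destination check a layer proxy can run before fetching a user-supplied WMS URL. The class name, the `Decision` values and the policy itself (anonymous users limited to an operator allowlist, logged-in users allowed any non-internal host) are assumptions for illustration.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;

/** Hypothetical destination policy for a map-layer proxy (illustration only). */
public class ProxyTargetPolicy {
    enum Decision { ALLOW, DENY_BAD_URL, DENY_INTERNAL, DENY_NOT_ALLOWLISTED, DENY_UNRESOLVABLE }

    private final Set<String> anonymousAllowedHosts; // assumption: operator-maintained list

    ProxyTargetPolicy(Set<String> hosts) { this.anonymousAllowedHosts = hosts; }

    Decision check(URI target, boolean authenticated) {
        String scheme = target.getScheme();
        String host = target.getHost();
        if (scheme == null || host == null
                || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            return Decision.DENY_BAD_URL;
        }
        try {
            // Inspect every resolved address: one internal record is enough to refuse.
            for (InetAddress a : InetAddress.getAllByName(host)) {
                if (a.isLoopbackAddress() || a.isAnyLocalAddress()
                        || a.isLinkLocalAddress() || a.isSiteLocalAddress()) {
                    return Decision.DENY_INTERNAL;
                }
            }
        } catch (UnknownHostException e) {
            return Decision.DENY_UNRESOLVABLE;
        }
        // Anonymous callers may only reach hosts the operator has listed.
        if (!authenticated && !anonymousAllowedHosts.contains(host.toLowerCase(Locale.ROOT))) {
            return Decision.DENY_NOT_ALLOWLISTED;
        }
        return Decision.ALLOW;
    }

    public static void main(String[] args) {
        // Constructed targets; IP literals (documentation ranges) avoid DNS lookups.
        ProxyTargetPolicy p = new ProxyTargetPolicy(Set.of("203.0.113.10"));
        String[] urls = { "http://203.0.113.10/wms?SERVICE=WMS", "http://198.51.100.7/wms",
            "http://127.0.0.1:8080/", "http://10.0.0.5/wms", "ftp://203.0.113.10/layer" };
        for (String u : urls) {
            URI uri = URI.create(u);
            System.out.println(u + " anon=" + p.check(uri, false) + " user=" + p.check(uri, true));
        }
    }
}
```

A proxy using such a check should connect to the address it validated rather than resolving the name a second time, and should turn a denial into an error status before any response body is written. `isSiteLocalAddress()` does not cover IPv6 unique-local addresses (`fc00::/7`), which need a separate test.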