Wrap with the CheckTermsHandler is necessary.

src/main/java/io/kamax/mxisd/HttpMxisd.java

@@ -219,7 +219,10 @@ public class HttpMxisd {
             routingHandler.add(method, apiHandler.getPath(IdentityServiceAPI.V1), httpHandler);
         }
         if (matrixConfig.isV2()) {
-            HttpHandler handlerWithTerms = CheckTermsHandler.around(m.getAccMgr(), httpHandler, getPolicyObjects(apiHandler));
+            List<PolicyConfig.PolicyObject> policyObjects = getPolicyObjects(apiHandler);
+            HttpHandler handlerWithTerms = policyObjects.isEmpty()
+                ? httpHandler
+                : CheckTermsHandler.around(m.getAccMgr(), httpHandler, policyObjects);
             HttpHandler wrappedHandler = useAuthorization ? AuthorizationHandler.around(m.getAccMgr(), handlerWithTerms) : handlerWithTerms;
             routingHandler.add(method, apiHandler.getPath(IdentityServiceAPI.V2), wrappedHandler);
         }

src/main/java/io/kamax/mxisd/http/undertow/handler/CheckTermsHandler.java

@@ -54,6 +54,11 @@ public class CheckTermsHandler extends BasicHttpHandler {
 
     @Override
     public void handleRequest(HttpServerExchange exchange) throws Exception {
+        if (policies == null || policies.isEmpty()) {
+            child.handleRequest(exchange);
+            return;
+        }
+
         String token = findAccessToken(exchange).orElse(null);
         if (token == null) {
             log.error("Unauthorized request from: {}", exchange.getHostAndPort());