Commit d02bcfa9 authored by Matija Obreza's avatar Matija Obreza
Browse files

Access to /me should be fully authenticated

- Fixes /profile/forgot-password access for anons
- UserProfileController @PreAuthorizes all method access
parent 8c84df0b
......@@ -138,7 +138,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
// admin
.antMatchers("/admin/**", "/1/admin/**").hasRole("ADMINISTRATOR")
// require login
.antMatchers("/profile", "/profile/**", "/oauth/authorize", "/swagger-**").fullyAuthenticated()
.antMatchers("/profile/me", "/profile/me/**", "/oauth/authorize", "/swagger-**").fullyAuthenticated()
// access denied
.and().exceptionHandling().accessDeniedPage("/access-denied")
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment