Access to /me should be fully authenticated

- Fixes /profile/forgot-password access for anons - UserProfileController @PreAuthorizes all method access

Access to /me should be fully authenticated
- Fixes /profile/forgot-password access for anons - UserProfileController @PreAuthorizes all method access
d02bcfa9 · Matija Obreza · 8c84df0b · d02bcfa9
Commit d02bcfa9 authored May 14, 2018 by Matija Obreza
--- a/src/main/java/org/genesys2/spring/config/SecurityConfig.java
+++ b/src/main/java/org/genesys2/spring/config/SecurityConfig.java
@@ -138,7 +138,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 				// admin
 				.antMatchers("/admin/**", "/1/admin/**").hasRole("ADMINISTRATOR")
 				// require login
-				.antMatchers("/profile", "/profile/**", "/oauth/authorize", "/swagger-**").fullyAuthenticated()
+				.antMatchers("/profile/me", "/profile/me/**", "/oauth/authorize", "/swagger-**").fullyAuthenticated()

 			// access denied
 			.and().exceptionHandling().accessDeniedPage("/access-denied")