From 3969ddffd8427b4c416135c9025584f319a5151c Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Mon, 28 Nov 2016 16:14:34 +0300 Subject: juick-api: /thread is also available to anonymous --- .../src/main/java/com/juick/api/configuration/ApiSecurityConfig.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'juick-api/src/main/java/com/juick/api/configuration') diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java index 46e1725b..9f937c98 100644 --- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java @@ -43,7 +43,7 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers(HttpMethod.OPTIONS).permitAll() - .antMatchers("/messages", "/users").permitAll() + .antMatchers("/messages", "/users", "/thread").permitAll() .anyRequest().hasRole("USER") .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) .and().anonymous() -- cgit v1.2.3