9b1fcbc967d48d0f4110559dc037602b630da9ef,gravitee-management-api-security/src/main/java/io/gravitee/management/security/config/basic/BasicSecurityConfigurerAdapter.java,BasicSecurityConfigurerAdapter,configure,#HttpSecurity#,149

Before Change


            .and()
                .authorizeRequests()
                    .antMatchers(HttpMethod.OPTIONS, "**").permitAll()
                    .antMatchers(HttpMethod.GET, "/user/**").permitAll()

                    // API requests
                    .antMatchers(HttpMethod.GET, "/apis/**").permitAll()
                    .antMatchers(HttpMethod.POST, "/apis").hasAnyAuthority("ADMIN", "API_PUBLISHER")
                    .antMatchers(HttpMethod.POST, "/apis/**").authenticated()
                    .antMatchers(HttpMethod.PUT, "/apis/**").authenticated()
                    .antMatchers(HttpMethod.DELETE, "/apis/**").authenticated()

                    // Application requests
                    .antMatchers(HttpMethod.POST, "/applications").hasAnyAuthority("ADMIN", "API_CONSUMER")
                    .antMatchers(HttpMethod.POST, "/applications/**").authenticated()
                    .antMatchers(HttpMethod.PUT, "/applications/**").authenticated()
                    .antMatchers(HttpMethod.DELETE, "/applications/**").authenticated()

                    // Instance requests
                    .antMatchers(HttpMethod.GET, "/instances/**").hasAuthority("ADMIN")

                    // Platform requests
                    .antMatchers(HttpMethod.GET, "/platform/**").hasAuthority("ADMIN")

                    // User management
                    .antMatchers(HttpMethod.POST, "/users").permitAll()
                    .antMatchers(HttpMethod.GET, "/users").hasAnyAuthority("ADMIN")
                    .antMatchers(HttpMethod.GET, "/users/**").authenticated()
                    .antMatchers(HttpMethod.PUT, "/users/**").hasAnyAuthority("ADMIN")
                    .antMatchers(HttpMethod.DELETE, "/users/**").hasAnyAuthority("ADMIN")
                    .anyRequest().authenticated()
            .and()
                .csrf()
                    .disable()

After Change


            .and()
                .authorizeRequests()
                    .antMatchers(HttpMethod.OPTIONS, "**").permitAll()
                    .antMatchers(HttpMethod.GET, "/user/**").permitAll()

                    // View requests
                    .antMatchers(HttpMethod.GET, "/configuration/views/**").permitAll()

                    // API requests
                    .antMatchers(HttpMethod.GET, "/apis/**").permitAll()
                    .antMatchers(HttpMethod.POST, "/apis").hasAnyAuthority("ADMIN", "API_PUBLISHER")
                    .antMatchers(HttpMethod.POST, "/apis/**").authenticated()
                    .antMatchers(HttpMethod.PUT, "/apis/**").authenticated()
                    .antMatchers(HttpMethod.DELETE, "/apis/**").authenticated()

                    // Application requests
                    .antMatchers(HttpMethod.POST, "/applications").hasAnyAuthority("ADMIN", "API_CONSUMER")
                    .antMatchers(HttpMethod.POST, "/applications/**").authenticated()
                    .antMatchers(HttpMethod.PUT, "/applications/**").authenticated()
                    .antMatchers(HttpMethod.DELETE, "/applications/**").authenticated()

                    // Instance requests
                    .antMatchers(HttpMethod.GET, "/instances/**").hasAuthority("ADMIN")

                    // Platform requests
                    .antMatchers(HttpMethod.GET, "/platform/**").hasAuthority("ADMIN")

                    // User management
                    .antMatchers(HttpMethod.POST, "/users").permitAll()
                    .antMatchers(HttpMethod.GET, "/users").hasAnyAuthority("ADMIN")
                    .antMatchers(HttpMethod.GET, "/users/**").authenticated()
                    .antMatchers(HttpMethod.PUT, "/users/**").hasAnyAuthority("ADMIN")
                    .antMatchers(HttpMethod.DELETE, "/users/**").hasAnyAuthority("ADMIN")
                    .anyRequest().authenticated()
            .and()
                .csrf()
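Review bot: The new `/configuration/views/**` rule covers only GET, so POST, PUT and DELETE on that path fall through to `.anyRequest().authenticated()` and are open to any logged-in account rather than to ADMIN, unlike the `/users/**` write rules further down. If view configuration is meant to be administrator-managed, add `.antMatchers("/configuration/**").hasAuthority("ADMIN")` directly after the GET `permitAll()` line; matchers are evaluated in order, so anonymous reads keep working. It is also worth confirming that every resource under `/configuration/views/**` is safe to serve anonymously, since `**` takes in any sub-resource added later. The `configure` chain starts before and continues after the lines shown, and resource-level permission checks are not visible here, so this may already be enforced elsewhere.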