c91a9301c774d5ba7884ed7ef78844f898884bcf,gravitee-management-api-security/src/main/java/io/gravitee/management/security/config/basic/BasicSecurityConfigurerAdapter.java,BasicSecurityConfigurerAdapter,configure,#HttpSecurity#,149
Before Change
.and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "**").permitAll()
.antMatchers(HttpMethod.GET, "/user/**").permitAll()
// View requests
.antMatchers(HttpMethod.GET, "/configuration/views/**").permitAll()
// API requests
.antMatchers(HttpMethod.GET, "/apis/**").permitAll()
.antMatchers(HttpMethod.POST, "/apis").hasAnyAuthority("ADMIN", "API_PUBLISHER")
.antMatchers(HttpMethod.POST, "/apis/**").authenticated()
.antMatchers(HttpMethod.PUT, "/apis/**").authenticated()
.antMatchers(HttpMethod.DELETE, "/apis/**").authenticated()
// Application requests
.antMatchers(HttpMethod.POST, "/applications").hasAnyAuthority("ADMIN", "API_CONSUMER")
.antMatchers(HttpMethod.POST, "/applications/**").authenticated()
.antMatchers(HttpMethod.PUT, "/applications/**").authenticated()
.antMatchers(HttpMethod.DELETE, "/applications/**").authenticated()
// Subscriptions
.antMatchers(HttpMethod.GET, "/subscriptions/**").authenticated()
// Instance requests
.antMatchers(HttpMethod.GET, "/instances/**").hasAuthority("ADMIN")
// Platform requests
.antMatchers(HttpMethod.GET, "/platform/**").hasAuthority("ADMIN")
// User management
.antMatchers(HttpMethod.POST, "/users").permitAll()
.antMatchers(HttpMethod.POST, "/users/register").permitAll()
.antMatchers(HttpMethod.GET, "/users").hasAuthority("ADMIN")
.antMatchers(HttpMethod.GET, "/users/**").authenticated()
.antMatchers(HttpMethod.PUT, "/users/**").hasAuthority("ADMIN")
.antMatchers(HttpMethod.DELETE, "/users/**").hasAuthority("ADMIN")
// Swagger
.antMatchers(HttpMethod.GET, "/swagger.json").permitAll()
After Change
.and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "**").permitAll()
.antMatchers(HttpMethod.GET, "/user/**").permitAll()
// API requests
.antMatchers(HttpMethod.GET, "/apis/**").permitAll()
.antMatchers(HttpMethod.POST, "/apis").hasAnyAuthority("ADMIN", "API_PUBLISHER")
.antMatchers(HttpMethod.POST, "/apis/**").authenticated()
.antMatchers(HttpMethod.PUT, "/apis/**").authenticated()
.antMatchers(HttpMethod.DELETE, "/apis/**").authenticated()
// Application requests
.antMatchers(HttpMethod.POST, "/applications").hasAnyAuthority("ADMIN", "API_CONSUMER")
.antMatchers(HttpMethod.POST, "/applications/**").authenticated()
.antMatchers(HttpMethod.PUT, "/applications/**").authenticated()
.antMatchers(HttpMethod.DELETE, "/applications/**").authenticated()
// Subscriptions
.antMatchers(HttpMethod.GET, "/subscriptions/**").authenticated()
// Instance requests
.antMatchers(HttpMethod.GET, "/instances/**").hasAuthority("ADMIN")
// Platform requests
.antMatchers(HttpMethod.GET, "/platform/**").hasAuthority("ADMIN")
// User management
.antMatchers(HttpMethod.POST, "/users").permitAll()
.antMatchers(HttpMethod.POST, "/users/register").permitAll()
.antMatchers(HttpMethod.GET, "/users").hasAuthority("ADMIN")
.antMatchers(HttpMethod.GET, "/users/**").authenticated()
.antMatchers(HttpMethod.PUT, "/users/**").hasAuthority("ADMIN")
.antMatchers(HttpMethod.DELETE, "/users/**").hasAuthority("ADMIN")
// Swagger
.antMatchers(HttpMethod.GET, "/swagger.json").permitAll()
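Review bot: With the `/configuration/views/**` rule deleted, GET requests to that path no longer match any matcher in the visible chain, and no catch-all follows the `/swagger.json` rule in this excerpt. Under `authorizeRequests()`, a request that matches no rule is by default passed through without an access decision, so the path most likely stays publicly reachable rather than becoming protected. The same holds for every method/path pair the list omits, such as POST on `/subscriptions/**` or PUT and DELETE on `/instances/**`. If the chain does not already end with one further down, close it with `.anyRequest().authenticated()` and a comment such as `// deny by default: anything not listed above requires authentication`. The body of `configure` starts before and continues after the lines shown, so this should be confirmed against the full method.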