c91a9301c774d5ba7884ed7ef78844f898884bcf,gravitee-management-api-security/src/main/java/io/gravitee/management/security/config/basic/BasicSecurityConfigurerAdapter.java,BasicSecurityConfigurerAdapter,configure,#HttpSecurity#,149

Before Change


            .and()
                .authorizeRequests()
                    .antMatchers(HttpMethod.OPTIONS, "**").permitAll()
                    .antMatchers(HttpMethod.GET, "/user/**").permitAll()

                    // View requests
                    .antMatchers(HttpMethod.GET, "/configuration/views/**").permitAll()

                    // API requests
                    .antMatchers(HttpMethod.GET, "/apis/**").permitAll()
                    .antMatchers(HttpMethod.POST, "/apis").hasAnyAuthority("ADMIN", "API_PUBLISHER")
                    .antMatchers(HttpMethod.POST, "/apis/**").authenticated()
                    .antMatchers(HttpMethod.PUT, "/apis/**").authenticated()
                    .antMatchers(HttpMethod.DELETE, "/apis/**").authenticated()

                    // Application requests
                    .antMatchers(HttpMethod.POST, "/applications").hasAnyAuthority("ADMIN", "API_CONSUMER")
                    .antMatchers(HttpMethod.POST, "/applications/**").authenticated()
                    .antMatchers(HttpMethod.PUT, "/applications/**").authenticated()
                    .antMatchers(HttpMethod.DELETE, "/applications/**").authenticated()

                    // Subscriptions
                    .antMatchers(HttpMethod.GET, "/subscriptions/**").authenticated()

                    // Instance requests
                    .antMatchers(HttpMethod.GET, "/instances/**").hasAuthority("ADMIN")

                    // Platform requests
                    .antMatchers(HttpMethod.GET, "/platform/**").hasAuthority("ADMIN")

                    // User management
                    .antMatchers(HttpMethod.POST, "/users").permitAll()
                    .antMatchers(HttpMethod.POST, "/users/register").permitAll()
                    .antMatchers(HttpMethod.GET, "/users").hasAuthority("ADMIN")
                    .antMatchers(HttpMethod.GET, "/users/**").authenticated()
                    .antMatchers(HttpMethod.PUT, "/users/**").hasAuthority("ADMIN")
                    .antMatchers(HttpMethod.DELETE, "/users/**").hasAuthority("ADMIN")

                    // Swagger
                    .antMatchers(HttpMethod.GET, "/swagger.json").permitAll()

After Change


            .and()
                .authorizeRequests()
                    .antMatchers(HttpMethod.OPTIONS, "**").permitAll()
                    .antMatchers(HttpMethod.GET, "/user/**").permitAll()

                    // API requests
                    .antMatchers(HttpMethod.GET, "/apis/**").permitAll()
                    .antMatchers(HttpMethod.POST, "/apis").hasAnyAuthority("ADMIN", "API_PUBLISHER")
                    .antMatchers(HttpMethod.POST, "/apis/**").authenticated()
                    .antMatchers(HttpMethod.PUT, "/apis/**").authenticated()
                    .antMatchers(HttpMethod.DELETE, "/apis/**").authenticated()

                    // Application requests
                    .antMatchers(HttpMethod.POST, "/applications").hasAnyAuthority("ADMIN", "API_CONSUMER")
                    .antMatchers(HttpMethod.POST, "/applications/**").authenticated()
                    .antMatchers(HttpMethod.PUT, "/applications/**").authenticated()
                    .antMatchers(HttpMethod.DELETE, "/applications/**").authenticated()

                    // Subscriptions
                    .antMatchers(HttpMethod.GET, "/subscriptions/**").authenticated()

                    // Instance requests
                    .antMatchers(HttpMethod.GET, "/instances/**").hasAuthority("ADMIN")

                    // Platform requests
                    .antMatchers(HttpMethod.GET, "/platform/**").hasAuthority("ADMIN")

                    // User management
                    .antMatchers(HttpMethod.POST, "/users").permitAll()
                    .antMatchers(HttpMethod.POST, "/users/register").permitAll()
                    .antMatchers(HttpMethod.GET, "/users").hasAuthority("ADMIN")
                    .antMatchers(HttpMethod.GET, "/users/**").authenticated()
                    .antMatchers(HttpMethod.PUT, "/users/**").hasAuthority("ADMIN")
                    .antMatchers(HttpMethod.DELETE, "/users/**").hasAuthority("ADMIN")

                    // Swagger
                    .antMatchers(HttpMethod.GET, "/swagger.json").permitAll()
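Review bot: With the explicit `/configuration/views/**` matcher removed, GET requests to that path are now decided by whatever rule follows `/swagger.json`, and that rule is outside the lines shown here. These matchers are evaluated in order, and under `authorizeRequests()` a request that matches no rule is treated as public by default, so the deletion only restricts the path if the chain ends with a catch-all such as `.anyRequest().authenticated()`. `configure` starts and ends outside this excerpt, so the terminal rule should be confirmed there, and a one-line comment recording where the views endpoints went would help the next reader. Separately, the POST/PUT/DELETE rules on `/apis/**` and `/applications/**` require only `authenticated()`, which presumably relies on per-resource ownership checks in the resource layer; worth verifying that any logged-in user cannot modify another user's API or application.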