9b1fcbc967d48d0f4110559dc037602b630da9ef,gravitee-management-api-security/src/main/java/io/gravitee/management/security/config/basic/BasicSecurityConfigurerAdapter.java,BasicSecurityConfigurerAdapter,configure,#HttpSecurity#,149
Before Change
.and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "**").permitAll()
.antMatchers(HttpMethod.GET, "/user/**").permitAll()
// API requests
.antMatchers(HttpMethod.GET, "/apis/**").permitAll()
.antMatchers(HttpMethod.POST, "/apis").hasAnyAuthority("ADMIN", "API_PUBLISHER")
.antMatchers(HttpMethod.POST, "/apis/**").authenticated()
.antMatchers(HttpMethod.PUT, "/apis/**").authenticated()
.antMatchers(HttpMethod.DELETE, "/apis/**").authenticated()
// Application requests
.antMatchers(HttpMethod.POST, "/applications").hasAnyAuthority("ADMIN", "API_CONSUMER")
.antMatchers(HttpMethod.POST, "/applications/**").authenticated()
.antMatchers(HttpMethod.PUT, "/applications/**").authenticated()
.antMatchers(HttpMethod.DELETE, "/applications/**").authenticated()
// Instance requests
.antMatchers(HttpMethod.GET, "/instances/**").hasAuthority("ADMIN")
// Platform requests
.antMatchers(HttpMethod.GET, "/platform/**").hasAuthority("ADMIN")
// User management
.antMatchers(HttpMethod.POST, "/users").permitAll()
.antMatchers(HttpMethod.GET, "/users").hasAnyAuthority("ADMIN")
.antMatchers(HttpMethod.GET, "/users/**").authenticated()
.antMatchers(HttpMethod.PUT, "/users/**").hasAnyAuthority("ADMIN")
.antMatchers(HttpMethod.DELETE, "/users/**").hasAnyAuthority("ADMIN")
.anyRequest().authenticated()
.and()
.csrf()
.disable()
After Change
.and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "**").permitAll()
.antMatchers(HttpMethod.GET, "/user/**").permitAll()
// View requests
.antMatchers(HttpMethod.GET, "/configuration/views/**").permitAll()
// API requests
.antMatchers(HttpMethod.GET, "/apis/**").permitAll()
.antMatchers(HttpMethod.POST, "/apis").hasAnyAuthority("ADMIN", "API_PUBLISHER")
.antMatchers(HttpMethod.POST, "/apis/**").authenticated()
.antMatchers(HttpMethod.PUT, "/apis/**").authenticated()
.antMatchers(HttpMethod.DELETE, "/apis/**").authenticated()
// Application requests
.antMatchers(HttpMethod.POST, "/applications").hasAnyAuthority("ADMIN", "API_CONSUMER")
.antMatchers(HttpMethod.POST, "/applications/**").authenticated()
.antMatchers(HttpMethod.PUT, "/applications/**").authenticated()
.antMatchers(HttpMethod.DELETE, "/applications/**").authenticated()
// Instance requests
.antMatchers(HttpMethod.GET, "/instances/**").hasAuthority("ADMIN")
// Platform requests
.antMatchers(HttpMethod.GET, "/platform/**").hasAuthority("ADMIN")
// User management
.antMatchers(HttpMethod.POST, "/users").permitAll()
.antMatchers(HttpMethod.GET, "/users").hasAnyAuthority("ADMIN")
.antMatchers(HttpMethod.GET, "/users/**").authenticated()
.antMatchers(HttpMethod.PUT, "/users/**").hasAnyAuthority("ADMIN")
.antMatchers(HttpMethod.DELETE, "/users/**").hasAnyAuthority("ADMIN")
.anyRequest().authenticated()
.and()
.csrf()
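Review bot: The new `.antMatchers(HttpMethod.GET, "/configuration/views/**").permitAll()` rule under "View requests" opens every GET below that path to unauthenticated callers, and nothing in the hunk records why that is safe, so the line deserves a short justification such as `// View requests: read-only, intended to be reachable without authentication — confirm the handlers expose no privileged fields`. Because the rule is a `/**` prefix match placed before `.anyRequest().authenticated()`, any future sub-resource added under `/configuration/views/` will inherit the anonymous access by default, which is worth stating in that comment. Inferring from the surrounding rules, the other `/configuration/**` paths still fall through to `anyRequest().authenticated()`, so only the views sub-tree is affected. The enclosing `configure(HttpSecurity)` method starts and ends outside the visible section, and the after-side listing stops at `.csrf()`, so the trailing `.disable()` shown on the before side cannot be confirmed here.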