Commit 20e6dca4 authored by Sascha Herzinger's avatar Sascha Herzinger
Browse files

removed whitelist from API access. It doesn't make sense in combination with the anon user

parent 1f28d732
......@@ -91,7 +91,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
.formLogin()
.usernameParameter("login")
.passwordParameter("password")
.loginProcessingUrl("/api/doLogin").permitAll()
.loginProcessingUrl("/api/doLogin")
.successHandler(successHandler)
.failureHandler(failureHandler)
.and()
......@@ -101,11 +101,6 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
.deleteCookies(lcsb.mapviewer.common.Configuration.AUTH_TOKEN)
.and()
.authorizeRequests()
.antMatchers("/minervanet/submitError").permitAll()
.antMatchers("/convert/**").permitAll()
.antMatchers("/plugins/**").permitAll()
.antMatchers("/configuration/").permitAll()
.anyRequest().authenticated()
.and()
.headers()
.frameOptions().disable() // is managed by XFrameFilter
......
......@@ -49,7 +49,7 @@ public class UserControllerAnonymousIntegrationTest extends ControllerIntegratio
mockMvc.perform(request)
.andExpect(status().is2xxSuccessful());
RequestBuilder anonymousRequest = get("/api/users/");
RequestBuilder anonymousRequest = get("/users/");
mockMvc.perform(anonymousRequest)
.andExpect(status().is2xxSuccessful());
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment