diff --git a/wise-api/src/main/java/com/wisemapping/config/rest/RestAppConfig.java b/wise-api/src/main/java/com/wisemapping/config/rest/RestAppConfig.java index 65546bd1..918d1278 100644 --- a/wise-api/src/main/java/com/wisemapping/config/rest/RestAppConfig.java +++ b/wise-api/src/main/java/com/wisemapping/config/rest/RestAppConfig.java @@ -39,8 +39,9 @@ public class RestAppConfig { .securityMatcher("/**") .addFilterAfter(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) .authorizeHttpRequests(auth -> auth - .requestMatchers(mvc.pattern("/api/restful/users/")).permitAll() .requestMatchers(mvc.pattern("/api/restful/authenticate")).permitAll() + .requestMatchers(mvc.pattern("/api/restful/users/")).permitAll() + .requestMatchers(mvc.pattern("/api/restful/maps/*/document/xml-pub")).permitAll() .requestMatchers(mvc.pattern("/api/restful/users/resetPassword")).permitAll() .requestMatchers(mvc.pattern("/api/restful/oauth2/googlecallback")).permitAll() .requestMatchers(mvc.pattern("/api/restful/oauth2/confirmaccountsync")).permitAll() diff --git a/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java b/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java index 2d308c2b..276e20aa 100644 --- a/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java +++ b/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java @@ -250,7 +250,7 @@ public class MindmapController extends BaseController { @NotNull private Mindmap findMindmapById(int id) throws MapCouldNotFoundException, AccessDeniedSecurityException { // Has enough permissions ? - final User user = Utils.getUser(true); + final User user = Utils.getUser(); if (!mindmapService.hasPermissions(user, id, CollaborationRole.VIEWER)) { throw new AccessDeniedSecurityException(id, user); }