Skip to content

Commit 8d2b963

Browse files
committed
More endpoints on security file
1 parent 08e0d86 commit 8d2b963

1 file changed

Lines changed: 24 additions & 4 deletions

File tree

orcid-web/src/main/resources/orcid-frontend-security.xml

Lines changed: 24 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -412,8 +412,26 @@
412412
access="ROLE_USER"/>
413413
<sec:intercept-url pattern="/account/.*"
414414
access="ROLE_USER"/>
415-
<sec:intercept-url pattern="/verify-email/[a-zA-Z0-9_-]+(\?lang=[a-zA-Z]*)?"
416-
access="IS_AUTHENTICATED_ANONYMOUSLY" />
415+
<sec:intercept-url pattern="/qr-code.png"
416+
access="ROLE_USER"/>
417+
<sec:intercept-url pattern="/find-my-stuff/.*"
418+
access="ROLE_USER"/>
419+
<sec:intercept-url pattern="/fundings/.*"
420+
access="ROLE_USER"/>
421+
<sec:intercept-url pattern="/delegators/.*"
422+
access="ROLE_USER"/>
423+
<sec:intercept-url pattern="/inbox/.*"
424+
access="ROLE_USER"/>
425+
<sec:intercept-url pattern="/notifications/.*"
426+
access="ROLE_USER"/>
427+
<sec:intercept-url pattern="/peer-reviews/.*"
428+
access="ROLE_USER"/>
429+
<sec:intercept-url pattern="/research-resources/.*"
430+
access="ROLE_USER"/>
431+
<sec:intercept-url pattern="/works/.*"
432+
access="ROLE_USER"/>
433+
<sec:intercept-url pattern="/affiliations/.*"
434+
access="ROLE_USER"/>
417435
<sec:intercept-url pattern="/userInfo.json(\?.*)?"
418436
access="ROLE_USER" />
419437
<sec:intercept-url pattern="/person.json(\?.*)?"
@@ -422,8 +440,10 @@
422440
access="ROLE_USER" />
423441
<sec:intercept-url pattern="/2FA/submitCode.json(\?.*)?"
424442
access="ROLE_USER" />
425-
<sec:intercept-url pattern="/my-orcid(\?.*)?" access="ROLE_USER" />
426-
443+
<sec:intercept-url pattern="/my-orcid(\?.*)?"
444+
access="ROLE_USER" />
445+
<sec:intercept-url pattern="/verify-email/[a-zA-Z0-9_-]+(\?lang=[a-zA-Z]*)?"
446+
access="IS_AUTHENTICATED_ANONYMOUSLY" />
427447
<!-- Allow GET requests (no authentication needed) -->
428448
<sec:intercept-url pattern="/.*" method="GET" access="IS_AUTHENTICATED_ANONYMOUSLY" />
429449
<!-- Require ROLE_USER for all other methods -->

0 commit comments

Comments
 (0)