ref #6248 disabling authorization restriction on /manage/ as temp workaround
authorAndreas Kohlbecker <a.kohlbecker@bgbm.org>
Tue, 6 Dec 2016 14:21:11 +0000 (15:21 +0100)
committerAndreas Kohlbecker <a.kohlbecker@bgbm.org>
Tue, 6 Dec 2016 14:21:11 +0000 (15:21 +0100)
cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/config/OAuth2ServerConfiguration.java

index d67f9c71ebf75b26755024cb2ea58e88dbcbc0db..2845c6bc7252bdc87b703b70d6df6298ca70311a 100644 (file)
@@ -58,7 +58,7 @@ public class OAuth2ServerConfiguration {
             .and() // TODO do we need this?
                 .requestMatchers()
                     .antMatchers(
-                        "/manage/**",
+                     //   "/manage/**",
                         "/user/**"
                         // "/oauth/users/**",
                         // "/oauth/clients/**")
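Review bot: Commenting out `"/manage/**"` in this `requestMatchers()` list leaves no marker in the code that the removal is temporary or which ticket it belongs to, so it can easily outlive the workaround. With the pattern gone, this filter chain no longer matches `/manage/` requests at all, and whether those endpoints are still protected depends on whatever other security configuration applies to them, which is not visible in this diff. I would add a comment above the disabled entry such as `// FIXME #6248: "/manage/**" temporarily excluded from this chain; re-enable together with the /manage/** access rule below`, and put the same marker on the disabled `.antMatchers("/manage/**").access(...)` line in the second hunk. A test asserting that an unauthenticated request to `/manage/` is rejected would show if the workaround leaves the path open. The enclosing configuration method starts and ends outside the hunk.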
@@ -71,7 +71,7 @@ public class OAuth2ServerConfiguration {
                     //      or
                     //   org.springframework.security.access.expression.SecurityExpressionRoot
                     // - org.springframework.security.oauth2.provider.expression.OAuth2SecurityExpressionMethods
-                    .antMatchers("/manage/**").access("#oauth2.clientHasRole('ROLE_CLIENT') or (!#oauth2.isOAuth() and hasRole('ROLE_ADMIN'))")
+                  //  .antMatchers("/manage/**").access("#oauth2.clientHasRole('ROLE_CLIENT') or (!#oauth2.isOAuth() and hasRole('ROLE_ADMIN'))")
                     .antMatchers("/user/me").access("isAuthenticated()")
                     .regexMatchers("/user/.*|/user\\..*").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER_MANAGER')")