.and() // TODO do we need this?
.requestMatchers()
.antMatchers(
- "/manage/**",
+ // "/manage/**",
"/user/**"
// "/oauth/users/**",
// "/oauth/clients/**")
// or
// org.springframework.security.access.expression.SecurityExpressionRoot
// - org.springframework.security.oauth2.provider.expression.OAuth2SecurityExpressionMethods
- .antMatchers("/manage/**").access("#oauth2.clientHasRole('ROLE_CLIENT') or (!#oauth2.isOAuth() and hasRole('ROLE_ADMIN'))")
+ // .antMatchers("/manage/**").access("#oauth2.clientHasRole('ROLE_CLIENT') or (!#oauth2.isOAuth() and hasRole('ROLE_ADMIN'))")
.antMatchers("/user/me").access("isAuthenticated()")
.regexMatchers("/user/.*|/user\\..*").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER_MANAGER')")
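Review bot: Commenting out `"/manage/**"` in the `requestMatchers()` list and its `.access(...)` rule takes those paths out of this filter chain entirely, so the client-role/admin check no longer applies to them and their protection depends on some other security configuration that is not visible in this hunk. If no other chain matches `/manage/**`, requests to those paths are no longer subject to this authorization rule; confirm which configuration covers them and add a test asserting that an unauthenticated request to a `/manage/` path is rejected. I would delete the two lines rather than leave them commented out, and record the decision in a single comment such as `// /manage/** is intentionally not matched here; secured by <name of the responsible config class>`. The enclosing configuration chain starts and ends outside the hunk, so another matcher or chain covering these paths cannot be ruled out from here.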