From 9e198fdaa55a5965987d5bb8555653f4ee3cb97e Mon Sep 17 00:00:00 2001
From: Nathan Cannon <nathan.cannon@edf-energy.com>
Date: Mon, 8 Oct 2018 11:44:05 +0100
Subject: [PATCH] More strictly defined authenticated routes.

---
 .../main/kotlin/uk/co/neviyn/observationdatabase/Security.kt    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/src/main/kotlin/uk/co/neviyn/observationdatabase/Security.kt b/backend/src/main/kotlin/uk/co/neviyn/observationdatabase/Security.kt
index 0ff1f16..f431308 100644
--- a/backend/src/main/kotlin/uk/co/neviyn/observationdatabase/Security.kt
+++ b/backend/src/main/kotlin/uk/co/neviyn/observationdatabase/Security.kt
@@ -38,7 +38,7 @@ class CustomWebSecurityConfigurerAdapter : WebSecurityConfigurerAdapter() {
     @Throws(Exception::class)
     override fun configure(http: HttpSecurity) {
         http.csrf().disable().authorizeRequests()
-                .antMatchers(HttpMethod.POST, "/api/**").authenticated()
+                .antMatchers(HttpMethod.POST, "/api/site", "/api/tutor", "/api/observation").authenticated()
                 .anyRequest().permitAll()
                 .and()
                 .httpBasic()