From 27bc1b9f3aee14fa35af6cf2645b968fcfbf538e Mon Sep 17 00:00:00 2001
From: pabloFuente
Date: Thu, 16 Apr 2020 13:49:38 +0200
Subject: [PATCH] openvidu-server: controller security simplified
---
 .../server/config/SecurityConfig.java | 23 ++++++-------------
 1 file changed, 7 insertions(+), 16 deletions(-)
diff --git a/openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java b/openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java
index 213b763d..036e06a8 100644
--- a/openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java
@@ -37,31 +37,22 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 // Security for API REST
 ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry conf = http.cors().and() .csrf().disable().authorizeRequests()
- // /api/sessions
- .antMatchers(HttpMethod.GET, "/api/sessions").authenticated()
- .antMatchers(HttpMethod.GET, "/api/sessions/**").authenticated()
- .antMatchers(HttpMethod.POST, "/api/sessions").authenticated()
- .antMatchers(HttpMethod.POST, "/api/sessions/**").authenticated()
- // /api/tokens
- .antMatchers(HttpMethod.POST, "/api/tokens").authenticated()
- // /api/recordings
- .antMatchers(HttpMethod.GET, "/api/recordings").authenticated()
- .antMatchers(HttpMethod.GET, "/api/recordings/**").authenticated()
- .antMatchers(HttpMethod.POST, "/api/recordings/start").authenticated()
- .antMatchers(HttpMethod.POST, "/api/recordings/stop").authenticated()
- .antMatchers(HttpMethod.DELETE, "/api/recordings/**").authenticated()
+ // /api
+ .antMatchers("/api/**").authenticated()
 // /config
 .antMatchers(HttpMethod.GET, "/config/openvidu-publicurl").permitAll()
 .antMatchers(HttpMethod.GET, "/config/**").authenticated()
 // /cdr
 .antMatchers(HttpMethod.GET, "/cdr/**").authenticated()
+ // /accept-certificate
+ .antMatchers(HttpMethod.GET, "/accept-certificate").permitAll()
 // Dashboard
- .antMatchers("/").authenticated();
+ .antMatchers("/dashboard").authenticated();
- // Security for layouts
+ // Security for recording layouts
 conf.antMatchers("/layouts/**").authenticated();
- // Security for recorded videos
+ // Security for recorded video files
 if (openviduConf.getOpenViduRecordingPublicAccess()) {
 conf = conf.antMatchers("/recordings/**").permitAll();
 } else {
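Review bot: The new dashboard rule `.antMatchers("/dashboard").authenticated()` is an exact-path Ant pattern, so it covers `/dashboard` but not `/dashboard/` or anything served below it, and the old rule on `/` is gone. Unless a later `anyRequest()` rule closes the chain (the method body starts and ends outside this hunk, so I cannot tell), those paths fall through to Spring Security's default of permitting requests that match no rule. Writing it like the other rules would close that gap: `.antMatchers("/dashboard/**").authenticated()`, which also matches `/dashboard` itself. The broader `/api/**` rule is a tightening, since it now covers every HTTP method and any endpoint added later; a test that requests `/dashboard/` and an unlisted `/api` path without credentials and expects 401 would pin both.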