From 70628b7890dd6bd97bf799d4fce79e34662a9136 Mon Sep 17 00:00:00 2001
From: pabloFuente <pablofuenteperez@gmail.com>
Date: Wed, 27 Jun 2018 16:53:45 +0200
Subject: [PATCH] openvidu-server: session GET operations authentication
 required

---
 .../src/main/java/io/openvidu/server/config/SecurityConfig.java | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java b/openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java
index ea7558ed..33ad619c 100644
--- a/openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java
@@ -39,6 +39,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 		ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry conf = http.cors().and()
 				.csrf().disable().authorizeRequests().antMatchers(HttpMethod.POST, "/api/sessions").authenticated()
 				.antMatchers(HttpMethod.POST, "/api/sessions/**").authenticated()
+				.antMatchers(HttpMethod.GET, "/api/sessions").authenticated()
+				.antMatchers(HttpMethod.GET, "/api/sessions/**").authenticated()
 				.antMatchers(HttpMethod.POST, "/api/tokens").authenticated()
 				.antMatchers(HttpMethod.POST, "/api/recordings/start").authenticated()
 				.antMatchers(HttpMethod.POST, "/api/recordings/stop").authenticated()