iipolovinkin / JupiterBank

Test Spring Web Application

JB-52 Anonymous user has access to pages which are not configured in security.xml (Spring) #75

Closed iipolovinkin closed 8 years ago

iipolovinkin commented 8 years ago

Any user can open http://127.0.0.1:8081/clients/2/ without authorization.

    <http access-denied-page="/error403.jsp">
        <intercept-url pattern="/home*" access="ROLE_USER,ROLE_ANONYMOUS"/>
        <intercept-url pattern="/clients*" access="ROLE_USER"/>
        <intercept-url pattern="/accounts*" access="ROLE_USER"/>
        <intercept-url pattern="/transactions*" access="ROLE_ADMIN"/>
        <intercept-url pattern="/admin_page*" access="ROLE_ADMIN"/>
        <form-login login-page="/login" default-target-url="/home"
                    authentication-failure-url="/login.jsp?error=true"/>
        <logout logout-url="/logout" logout-success-url="/home"/>

        <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
        <remember-me/>
    </http>
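The cause is visible in the posted block: Spring Security's Ant-style `*` matches only within one path segment, so `/clients*` covers `/clients` but not `/clients/2/`, and a request that matches no `<intercept-url>` is not restricted at all. The corrected `<http>` block below is an added example, not the project's own configuration; it assumes the same Spring Security 3 XML namespace without `use-expressions`, that `/login`, `/error403.jsp` and `/home` are the only pages that must stay public, and that anything else may require `ROLE_USER` by default.

```xml
<http access-denied-page="/error403.jsp">
    <!-- Rules are evaluated top to bottom, first match wins:
         public pages first, catch-all last. -->
    <intercept-url pattern="/login*"       access="ROLE_ANONYMOUS,ROLE_USER"/>
    <intercept-url pattern="/error403.jsp" access="ROLE_ANONYMOUS,ROLE_USER"/>
    <intercept-url pattern="/home*"        access="ROLE_ANONYMOUS,ROLE_USER"/>

    <!-- "/clients/**" matches /clients, /clients/2/ and any deeper path;
         the old "/clients*" stopped at the first "/" -->
    <intercept-url pattern="/clients/**"      access="ROLE_USER"/>
    <intercept-url pattern="/accounts/**"     access="ROLE_USER"/>
    <intercept-url pattern="/transactions/**" access="ROLE_ADMIN"/>
    <intercept-url pattern="/admin_page/**"   access="ROLE_ADMIN"/>

    <!-- Deny by default: any URL not listed above needs an authenticated user,
         so a new page added without a rule is no longer open to anonymous users -->
    <intercept-url pattern="/**" access="ROLE_USER"/>

    <form-login login-page="/login" default-target-url="/home"
                authentication-failure-url="/login.jsp?error=true"/>
    <logout logout-url="/logout" logout-success-url="/home"/>

    <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
    <remember-me/>
</http>
```

After the change, an unauthenticated request to `/clients/2/` should be redirected to `/login`, and the `/**` rule means a page that is forgotten in `security.xml` fails closed instead of open.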