Closed deepu105 closed 7 years ago
The permitAll() for oauth2 was added very recently so I think the ignoring() is now not needed anymore
yes that's very early code I wrote at the beginning of JHipster, this is probably obsolete (but needs to be tested, of course)
Sorry, I just realize you only speak about the "/api" URLs -> yes that's stupid, they should be removed! Maybe some testing is needed, as I guess the person who put them could have had an issue there.
We use the below configuration in our
SecurityConfiguration.java
We have added some API endpoints in there As per the spirng security documenetation below it is not advisable and we already do a
permitAll()
on those endpoints anyway@jhipster/developers does anybody know why the above config was added as I remember that we didn't have it some time back