From d26a7582e5d0193c4d161f446bcb3437874e659f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mart=C3=ADnAGR?=
 <56026685+Martinagr32@users.noreply.github.com>
Date: Thu, 1 Apr 2021 01:43:52 +0200
Subject: [PATCH] Reviews and login/logout security fixed

---
 .../cheapy/configuration/SecurityConfiguration.java        | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java b/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java
index 7189740f2..d9c57cdce 100644
--- a/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java
+++ b/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java
@@ -37,7 +37,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 		.antMatchers("/users/new").permitAll()
 
 		.antMatchers("/login/**").anonymous()
-		.antMatchers("/logout").permitAll()
+		.antMatchers("/logout").authenticated()
 
 		.antMatchers("/usuarios/new").permitAll()
 		.antMatchers("/admin/**").hasAnyAuthority("admin")
@@ -50,11 +50,12 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 		.antMatchers("/clients/new").permitAll()
 		.antMatchers("/offers/**").permitAll()
 
+		.antMatchers("/reviews/**").authenticated()
 
 		.and().formLogin()
-			.loginPage("/login").permitAll()
+			.loginPage("/login")
 			.failureUrl("/login?error")
-		    .and().logout().logoutSuccessUrl("/login");
+		    .and().logout().logoutSuccessUrl("/");
 
 		// Configuración para que funcione la consola de administración
 		// de la BD H2 (deshabilitar las cabeceras de protección contra