diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt
index 5440e61..72fcbd0 100644
--- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt
+++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt
@@ -8,7 +8,10 @@ import dev.fyloz.colorrecipesexplorer.service.CreUserDetailsService
 import dev.fyloz.colorrecipesexplorer.service.UserService
 import org.slf4j.Logger
 import org.springframework.boot.context.properties.EnableConfigurationProperties
-import org.springframework.context.annotation.*
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Lazy
+import org.springframework.context.annotation.Profile
 import org.springframework.core.env.Environment
 import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
@@ -99,11 +102,9 @@ class SecurityConfig(
             .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 
         if (!debugMode) {
-            http.authorizeRequests()
-                .antMatchers("/api/login").permitAll()
-                .antMatchers("/api/logout").fullyAuthenticated()
-                .antMatchers("/api/user/current").fullyAuthenticated()
-                .anyRequest().fullyAuthenticated()
+            http
+                .authorizeRequests()
+                .anyRequest().permitAll()
         } else {
             http
                 .cors()
diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt
index 52e61d0..2230093 100644
--- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt
+++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt
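Review bot: The non-debug branch of the SecurityConfig hunk now ends in `.anyRequest().permitAll()`, which flips the HTTP layer from deny-by-default to allow-by-default: every handler without a `@PreAuthorize` of its own becomes reachable anonymously, and only two such annotations appear in this commit (getCurrent and logout in AccountControllers.kt). If the intent is to move authorization to method security, keep the catch-all closed and open only the public path, `.antMatchers("/api/login").permitAll()` followed by `.anyRequest().fullyAuthenticated()`, so an endpoint that is later added without an annotation fails closed rather than open. Method-level rules are also only evaluated when method security is switched on (`@EnableGlobalMethodSecurity(prePostEnabled = true)` on a configuration class), and that switch is not visible in this diff. The enclosing method starts and ends outside the hunk.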
@@ -32,6 +32,7 @@ class UserController(private val userService: UserService) {
         ok(userService.getByIdForOutput(id))
 
     @GetMapping("current")
+    @PreAuthorize("isFullyAuthenticated()")
     fun getCurrent(loggedInUser: Principal?) =
         if (loggedInUser != null) ok(
@@ -161,6 +162,7 @@ class GroupsController(
 
 @Profile("!emergency")
 class LogoutController(private val userService: UserService) {
     @GetMapping("logout")
+    @PreAuthorize("isFullyAuthenticated()")
     fun logout(request: HttpServletRequest) = ok {
         userService.logout(request)
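Review bot: Once `@PreAuthorize("isFullyAuthenticated()")` guards getCurrent, the `loggedInUser != null` test on the following line cannot be false for a request that reaches the method, so the `Principal?` parameter and its null branch look dead; declaring `loggedInUser: Principal` and returning the `ok(...)` result directly would make the contract explicit (getCurrent's body continues outside the hunk). The annotation is also enforced only if method security is enabled (`@EnableGlobalMethodSecurity(prePostEnabled = true)`) and `org.springframework.security.access.prepost.PreAuthorize` is imported; neither appears in this diff, and with the HTTP-level rules relaxed in the same commit an ignored annotation would leave the endpoint open, so both are worth confirming. The same applies to the logout hunk below.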