BAEL-797 fixing security settings

spring-cloud/spring-cloud-bootstrap/gateway/src/main/java/com/baeldung/spring/cloud/bootstrap/gateway/SecurityConfig.java

@@ -29,11 +29,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
             .httpBasic()
             .and()
         .authorizeRequests()
-            .antMatchers("/*.js","/*.html","/*.ico", "/*").permitAll()
-            .antMatchers("/book-service/books").permitAll()
-            .antMatchers("/zipkin/**").permitAll()
             .antMatchers("/eureka/**").hasRole("ADMIN")
-            .anyRequest().authenticated()
+            .anyRequest().permitAll()
             .and()
         .logout()
             .and()

spring-cloud/spring-cloud-bootstrap/gateway/src/test/java/com/baeldung/spring/cloud/bootstrap/gateway/LiveTest.java

@@ -35,8 +35,9 @@ public class LiveTest {
 
     @Test
     public void whenAccessProtectedResourceWithoutLogin_thenRedirectToLogin() {
-        final Response response = RestAssured.get(ROOT_URI + "/book-service/books/1");
+        final Response response = RestAssured.get(ROOT_URI + "/rating-service/ratings?bookId=1");
-        Assert.assertEquals(HttpStatus.UNAUTHORIZED.value(), response.getStatusCode());
+        Assert.assertEquals(HttpStatus.FORBIDDEN.value(), response.getStatusCode());
+        Assert.assertNotNull(response.getBody());
     }
 
     @Test
@@ -46,7 +47,7 @@ public class LiveTest {
             .auth().preemptive().basic("user", "password")
             .header("X-XSRF-TOKEN", sessionData.getCsrf())
             .filter(sessionFilter)
-            .get(ROOT_URI + "/book-service/books/1");
+            .get(ROOT_URI + "/rating-service/ratings?bookId=1");
         Assert.assertEquals(HttpStatus.OK.value(), response.getStatusCode());
         Assert.assertNotNull(response.getBody());
     }