Description
Since SHIRO-682 it is no longer possible match the root of your application with /** . A request at / is transformed into an empty URI and no longer matches /**. This makes it impossible to secure your entire application and provide a whitelist for allowed urls, like this:
[urls] /rest/v1/openapi.* = noSessionCreation,anon /rest/v1/info = noSessionCreation,anon /** = noSessionCreation,oauth2,oauth,secured
So far, I've found no way to match the root in 1.5.