From 68461377f6835be3a9a2bfa0b09bbade336729d5 Mon Sep 17 00:00:00 2001
From: amontenegro <a.montenegro@orcid.org>
Date: Mon, 10 Feb 2025 18:51:26 -0600
Subject: [PATCH] Session events are ignored for public api page calls

---
 .../OrcidRedisIndexedSessionRepository.java   |  37 ++--
 .../resources/orcid-frontend-security.xml     | 166 +++++++-----------
 2 files changed, 82 insertions(+), 121 deletions(-)

diff --git a/orcid-web/src/main/java/org/orcid/frontend/spring/session/redis/OrcidRedisIndexedSessionRepository.java b/orcid-web/src/main/java/org/orcid/frontend/spring/session/redis/OrcidRedisIndexedSessionRepository.java
index 4f156b96b0..57fcba0b08 100644
--- a/orcid-web/src/main/java/org/orcid/frontend/spring/session/redis/OrcidRedisIndexedSessionRepository.java
+++ b/orcid-web/src/main/java/org/orcid/frontend/spring/session/redis/OrcidRedisIndexedSessionRepository.java
@@ -2,6 +2,7 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.orcid.api.common.analytics.APIEndpointParser;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationEventPublisher;
@@ -52,15 +53,15 @@ public class OrcidRedisIndexedSessionRepository implements FindByIndexNameSessio
     private RedisSerializer<Object> defaultSerializer = new JdkSerializationRedisSerializer();
     private FlushMode flushMode;
     private SaveMode saveMode;
-    private final List<String> urisToSkip = List.of("/account/biographyForm.json", "/account/countryForm.json", "/account/emails.json",
-            "/account/nameForm.json", "/account/preferences.json", "/affiliations/affiliationGroups.json", "/affiliations/affiliationDetails.json",
-            "/assets/vectors/orcid.logo.icon.svg", "/config.json", "/delegators/delegators-and-me.json", "/fundings/fundingDetails.json",
-            "/fundings/fundingGroups.json", "/inbox/unreadCount.json", "/my-orcid/externalIdentifiers.json", "/my-orcid/keywordsForms.json",
-            "/my-orcid/otherNamesForms.json", "/my-orcid/websitesForms.json", "/peer-reviews/peer-reviews-minimized.json",
-            "/research-resources/researchResourcePage.json", "/research-resources/researchResource.json", "/works/worksExtendedPage.json",
-            "/works/groupingSuggestions.json", "/works/getWorkInfo.json", "/works/work.json", "/works/idTypes.json", "/orgs/disambiguated/ROR",
-            "/orgs/disambiguated/GRID", "/orgs/disambiguated/FUNDREF", "/ng-cli-ws", "/not-found", "/peer-reviews/peer-review.json",
-            "/peer-reviews/peer-reviews-by-group-id.json");
+    private final String PUBLIC_ORCID_PAGE_REGEX = "/(\\d{4}-){3,}\\d{3}[\\dX](/.+)";
+    private final List<String> urisToSkip = List.of("/2FA/status.json", "/account/", "/account/biographyForm.json", "/account/countryForm.json", "/account/delegates.json", "/account/emails.json",
+            "/account/get-trusted-orgs.json", "/account/nameForm.json", "/account/preferences.json", "/account/socialAccounts.json", "/affiliations/affiliationDetails.json", "/affiliations/affiliationGroups.json",
+            "/assets/vectors/orcid.logo.icon.svg", "/config.json", "/delegators/delegators-and-me.json", "/fundings/fundingDetails.json", "/fundings/fundingGroups.json", "/inbox/notifications.json",
+            "/inbox/totalCount.json", "/inbox/unreadCount.json", "/my-orcid/externalIdentifiers.json", "/my-orcid/keywordsForms.json", "/my-orcid/otherNamesForms.json", "/my-orcid/websitesForms.json",
+            "/ng-cli-ws", "/not-found", "/notifications/frequencies/view", "/orgs/disambiguated/FUNDREF", "/orgs/disambiguated/GRID", "/orgs/disambiguated/LEI", "/orgs/disambiguated/RINGGOLD",
+            "/orgs/disambiguated/ROR", "/peer-reviews/peer-review.json", "/peer-reviews/peer-reviews-by-group-id.json", "/peer-reviews/peer-reviews-minimized.json", "/qr-code.png",
+            "/research-resources/researchResource.json", "/research-resources/researchResourcePage.json", "/works/getWorkInfo.json", "/works/groupingSuggestions.json", "/works/idTypes.json", "/works/work.json",
+            "/works/worksExtendedPage.json");
     private final Set<String> SKIP_SAVE_SESSION = new HashSet<>(urisToSkip);
 
     public OrcidRedisIndexedSessionRepository(RedisOperations<Object, Object> sessionRedisOperations) {
@@ -129,7 +130,7 @@ public void save(OrcidRedisIndexedSessionRepository.RedisSession session) {
 
         if(updateSession()) {
             //TODO: REMOVE THIS LOG ENTRY BEFORE GOING LIVE!!!!
-            logger.info("Saving session for " + request.getRequestURI());
+            logger.info("Saving session for " + request.getRequestURI() + " - " + request.getMethod());
             session.save();
             if (session.isNew) {
                 String sessionCreatedKey = this.getSessionCreatedChannel(session.getId());
@@ -138,7 +139,7 @@ public void save(OrcidRedisIndexedSessionRepository.RedisSession session) {
             }
         } else {
             //TODO: REMOVE THIS LOG ENTRY BEFORE GOING LIVE!!!!
-            logger.info("Skip save session id " + request.getRequestURI());
+            logger.info("Skip save session id " + request.getRequestURI() + " - " + request.getMethod());
         }
     }
 
@@ -205,11 +206,11 @@ private MapSession loadSession(String id, Map<Object, Object> entries) {
                 ///////////////////////////////////////////////
                 if(updateSession()) {
                     // TODO: REMOVE THIS LOG ENTRY BEFORE GOING LIVE!!!
-                    logger.info("Updating last accessed time for " + request.getRequestURI());
+                    logger.info("Updating last accessed time for " + request.getRequestURI() + " - " + request.getMethod());
                     loaded.setLastAccessedTime(Instant.ofEpochMilli((Long) entry.getValue()));
                 } else {
                     // TODO: REMOVE THIS LOG ENTRY BEFORE GOING LIVE!!!
-                    logger.info("Ignoring last accessed time for " + request.getRequestURI());
+                    logger.info("Ignoring last accessed time for " + request.getRequestURI() + " - " + request.getMethod());
                 }
             } else if (key.startsWith("sessionAttr:")) {
                 loaded.setAttribute(key.substring("sessionAttr:".length()), entry.getValue());
@@ -362,7 +363,13 @@ private BoundHashOperations<Object, Object, Object> getSessionBoundHashOperation
     private boolean updateSession() {
         ServletRequestAttributes att = (ServletRequestAttributes)RequestContextHolder.getRequestAttributes();
         HttpServletRequest request = att.getRequest();
-        return (!SKIP_SAVE_SESSION.contains(request.getRequestURI().substring(request.getContextPath().length())));
+        if(request.getMethod().equals("GET")) {
+            String url = request.getRequestURI().substring(request.getContextPath().length());
+            if(SKIP_SAVE_SESSION.contains(url) || url.matches(PUBLIC_ORCID_PAGE_REGEX)) {
+                return false;
+            }
+        }
+        return true;
     }
 
     static String getSessionAttrNameKey(String attributeName) {
@@ -402,7 +409,7 @@ public void setLastAccessedTime(Instant lastAccessedTime) {
                 // TODO: REMOVE THIS BEFORE GOING LIVE!!!!
                 ServletRequestAttributes att = (ServletRequestAttributes)RequestContextHolder.getRequestAttributes();
                 HttpServletRequest request = att.getRequest();
-                System.out.println("REDIS_SESSION: setLastAccessedTime: " + request.getRequestURI().toString());
+                System.out.println("REDIS_SESSION: setLastAccessedTime: " + request.getRequestURI().toString() + " - " + request.getMethod());
 
                 this.cached.setLastAccessedTime(lastAccessedTime);
                 this.delta.put("lastAccessedTime", this.getLastAccessedTime().toEpochMilli());
diff --git a/orcid-web/src/main/resources/orcid-frontend-security.xml b/orcid-web/src/main/resources/orcid-frontend-security.xml
index 647bfe735c..1b99b724eb 100644
--- a/orcid-web/src/main/resources/orcid-frontend-security.xml
+++ b/orcid-web/src/main/resources/orcid-frontend-security.xml
@@ -102,62 +102,81 @@
 
 	<sec:http-firewall ref="httpFirewall"/>
     	
-	<sec:http pattern="/robots.txt" security="none" create-session="stateless" />
-	<sec:http pattern="/tomcatUp.json" security="none" create-session="stateless" />
-	<sec:http pattern="/webStatus.json" security="none" create-session="stateless" />
+	<sec:http pattern="/robots\.txt" security="none" create-session="stateless" />
+	<sec:http pattern="/tomcatUp\.json" security="none" create-session="stateless" />
+	<sec:http pattern="/webStatus\.json" security="none" create-session="stateless" />
 	<sec:http pattern="/error" security="none" />
-	<sec:http pattern="/favicon.ico" security="none" create-session="stateless" />
+	<sec:http pattern="/favicon\.ico" security="none" create-session="stateless" />
 	<sec:http pattern="/static/**" security="none" create-session="stateless" />
-	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[x](\?.*)?" security="none" create-session="stateless" />
-	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX](\?.*)?" security="none" create-session="stateless" />
-	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/print" security="none" create-session="stateless" />
 	<sec:http pattern="/.well-known/**" security="none" />
-
-
-
-
-
-
-
-
-
+	<sec:http pattern="/assets/(.*)?" security="none" create-session="stateless" />
 
 	<!--Endpoint that can be accessed anonymously and don't need to create a session-->
+	<sec:http pattern="/" security="none" create-session="stateless" />
+	<sec:http pattern="/not-found" security="none" create-session="stateless" />
+	<sec:http pattern="/home(\?.*)?" security="none" create-session="stateless" />
 	<sec:http pattern="/identifiers/norm/(.*)?" security="none" create-session="stateless" />
-	<sec:http pattern="/statistics/liveids.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/statistics/liveids\.json(\?.*)?" security="none" create-session="stateless" />
 	<sec:http pattern="/statistics(/)?$" security="none" create-session="stateless" />
-	<sec:http pattern="/(\d{4}-){3,}\d{3}[\dX]/userInfo.json(\?.*)?" security="none" create-session="stateless" />
 	<sec:http pattern="/messages.json(\?.*)?" security="none" create-session="stateless"  />
 	<sec:http pattern="/config.json(\?.*)?" security="none" create-session="stateless"  />
 	<sec:http pattern="/lang.json(.*)?" security="none" create-session="stateless" />
 	<sec:http pattern="/orcid-search/.*" security="none" create-session="stateless" />
 	<sec:http pattern="/reset-password(\?.*)?" security="none" create-session="stateless" />
-	<sec:http pattern="/reset-password.json(\?.*)?" security="none" create-session="stateless" />
-	<sec:http pattern="/validate-reset-password.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/reset-password\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/validate-reset-password.\json(\?.*)?" security="none" create-session="stateless" />
 	<sec:http pattern="/reset-password-email/.*" security="none" create-session="stateless" />
-	<sec:http pattern="/reset-password-email.json(\?.*)?" security="none" create-session="stateless" />
-	<sec:http pattern="/reset-password-email-v2.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/reset-password-email\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/reset-password-email-v2\.json(\?.*)?" security="none" create-session="stateless" />
 	<sec:http pattern="/claim/.*" security="none" create-session="stateless" />
 	<sec:http pattern="/resend-claim(\?.*)?" security="none" create-session="stateless" />
-	<sec:http pattern="/resend-claim.json(\?.*)?" security="none" create-session="stateless" />
-	<sec:http pattern="/validate-resend-claim.json(\?.*)?" security="none" create-session="stateless" />
-	<sec:http pattern="/reset-password-email-validate-token.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/resend-claim\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/validate-resend-claim\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/reset-password-email-validate-token\.json(\?.*)?" security="none" create-session="stateless" />
 	<sec:http pattern="/members(\?.*)?" security="none" create-session="stateless" />
 	<sec:http pattern="/members/.*" security="none" create-session="stateless" />
 	<sec:http pattern="/consortia(\?.*)?" security="none" create-session="stateless" />
 	<sec:http pattern="/consortia/.*" security="none" create-session="stateless" />
 	<sec:http pattern="/record-corrections" security="none" create-session="stateless" />
 	<sec:http pattern="/record-corrections/next(\/?.*)?" security="none" create-session="stateless" />
-	<sec:http pattern="/record-corrections/previous(\/?.*)??" security="none" create-session="stateless" />
+	<sec:http pattern="/record-corrections/previous(\/?.*)?" security="none" create-session="stateless" />
 	<sec:http pattern="/about/trust/integrity/record-corrections" security="none" create-session="stateless" />
-	<sec:http pattern="/assets/(.*)?" security="none" create-session="stateless" />
-
-
-
-
-
-
-    <!-- Authenticate the client before reaching the token endpoint -->
+	<sec:http pattern="/reactivation/.*?" security="none" create-session="stateless"/>
+	<sec:http pattern="/reactivationConfirm\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/reactivationData\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/sendReactivation\.json" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/orgs/disambiguated/(.+)\?(.+)?" security="none" create-session="stateless" />
+
+	<!-- Registration endpoints -->
+	<sec:http pattern="/register.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/email-domain/find-category(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/email-domain/find-org(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/registerConfirm\.json(\?.*)?" security="none" create-session="stateless" />
+
+	<!-- Public Record page endpoints -->
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX](\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/print" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/affiliationDetails\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/affiliationGroups\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/affiliations\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/allWorks\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/fundingDetails\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/fundingGroups\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/getWorkInfo\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/peer-review\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/peer-reviews-by-group-id\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/peer-reviews-minimized\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/peer-reviews\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/person\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/public-record\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/researchResource\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/researchResourcePage\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/summary\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/userInfo\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/worksExtendedPage\.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/worksPage\.json(\?.*)?" security="none" create-session="stateless" />
+
+	<!-- Authenticate the client before reaching the token endpoint -->
     <sec:http pattern="/oauth/token" use-expressions="false" create-session="stateless" authentication-manager-ref="clientAuthenticationManager">
     	<sec:csrf disabled="true"/>
         <sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
@@ -282,8 +301,8 @@
 			username-parameter="userId" password-parameter="password" 
 			default-target-url="/social/access" />
 		<sec:session-management session-fixation-protection="migrateSession"/>
-	</sec:http> 
-	
+	</sec:http>
+
 	<sec:http use-expressions="false" access-decision-manager-ref="accessDecisionManager" authentication-manager-ref="authenticationManager" create-session="ifRequired"
 		request-matcher="regex">
 		<sec:request-cache ref="orcidRequestCache"/>
@@ -294,57 +313,13 @@
 		</sec:headers>
 		<sec:custom-filter position="CORS_FILTER" ref="corsFilterWeb" />
 		<sec:custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />
-		<sec:intercept-url pattern="/"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/not-found"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/home(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 
 		<sec:intercept-url pattern="/notifications/frequencies/[^\/\?#:]*(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/notifications/frequencies/[^\/\?#:]*/email-frequencies.json(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/orgs/disambiguated/(.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-	    <sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/worksPage.json(\?.*)?"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/worksExtendedPage.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-        <sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/allWorks.json(\?.*)?"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/person.json(\?.*)?"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/public-record.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/summary.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/affiliations.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/affiliationDetails.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />		
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/affiliationGroups.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/affiliations/disambiguated/name/(.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/fundingDetails.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />				
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/fundingGroups.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />						
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/getWorkInfo.json(\?.*)?"
- 	      	access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
- 	    <sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/researchResourcePage.json(\?.*)?"
- 	      	access="IS_AUTHENTICATED_ANONYMOUSLY" />
- 	    <sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/researchResource.json(\?.*)?"
- 	      	access="IS_AUTHENTICATED_ANONYMOUSLY" />  	      	 	      	
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/peer-reviews.json(\?.*)?"
- 	      	access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/peer-review.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/peer-reviews-minimized.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/peer-reviews-by-group-id.json(\?.*)?"
- 	      	access="IS_AUTHENTICATED_ANONYMOUSLY" /> 	    
 		<sec:intercept-url pattern="/public/group/[0-9]+(\?.*)?"
  	      	access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/login(\?.*)?"
@@ -353,8 +328,6 @@
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/signin/google(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/userStatus.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/session-expired(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/progress-to-confirm-registration-details(\?.*)?"
@@ -363,8 +336,6 @@
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/register(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/register.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/password-reset.json(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/forgot-id.json(\?.*)?"
@@ -377,8 +348,6 @@
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/claim(.*)Validate.json(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/registerConfirm.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/verify(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/disco(\?.*)?"
@@ -395,23 +364,12 @@
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/spam/report-spam.json"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/orgs/.*" 
-			access="ROLE_USER"/>
-        <sec:intercept-url pattern="/reactivation/.*?"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
-        <sec:intercept-url pattern="/reactivationConfirm.json(\?.*)?"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
-        <sec:intercept-url pattern="/reactivationData.json(\?.*)?"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
-        <sec:intercept-url pattern="/sendReactivation.json"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
         <sec:intercept-url pattern="/countryNamesToCountryCodes.json(\?.*)?"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />            
-        <sec:intercept-url pattern="/email-domain/find-category(\?.*)?"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
-        <sec:intercept-url pattern="/email-domain/find-org(\?.*)?"
             access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/developer-tools" 
+		<sec:intercept-url pattern="/verify-email/[a-zA-Z0-9_-]+(\?lang=[a-zA-Z]*)?"
+			access="IS_AUTHENTICATED_ANONYMOUSLY" />
+
+		<sec:intercept-url pattern="/developer-tools"
 			access="ROLE_USER"/>
 		<sec:intercept-url pattern="/developer-tools/.*" 
 			access="ROLE_USER"/>
@@ -436,11 +394,7 @@
 		<sec:intercept-url pattern="/works/countries.json(\?.*)?" 
 			access="ROLE_USER"/>
 		<sec:intercept-url pattern="/get-my-data" 
-			access="ROLE_USER"/>		
-		<sec:intercept-url pattern="/verify-email/[a-zA-Z0-9_-]+(\?lang=[a-zA-Z]*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/userInfo.json(\?.*)?"
-			access="ROLE_USER" />
+			access="ROLE_USER"/>
 		<sec:intercept-url pattern="/person.json(\?.*)?"
             access="ROLE_USER" />
 		<sec:intercept-url pattern="/2FA/authenticationCode.json(\?.*)?"