diff --git a/src/main/java/cz/cvut/kbss/termit/config/SecurityConfig.java b/src/main/java/cz/cvut/kbss/termit/config/SecurityConfig.java
index 799309643..9ae7ba447 100644
--- a/src/main/java/cz/cvut/kbss/termit/config/SecurityConfig.java
+++ b/src/main/java/cz/cvut/kbss/termit/config/SecurityConfig.java
@@ -47,6 +47,8 @@
 import java.util.Arrays;
 import java.util.Collections;
 
+import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;
+
 @ConditionalOnProperty(prefix = "termit.security", name = "provider", havingValue = "internal", matchIfMissing = true)
 @Configuration
 @EnableWebSecurity
@@ -88,8 +90,8 @@ public SecurityConfig(AuthenticationProvider authenticationProvider,
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         LOG.debug("Using internal security mechanisms.");
         final AuthenticationManager authManager = buildAuthenticationManager(http);
-        http.authorizeHttpRequests((auth) -> auth.requestMatchers("/rest/query").permitAll()
-                                                 .requestMatchers("/**").permitAll())
+        http.authorizeHttpRequests((auth) -> auth.requestMatchers(antMatcher("/rest/query")).permitAll()
+                                                 .requestMatchers(antMatcher("/**")).permitAll())
             .cors((auth) -> auth.configurationSource(corsConfigurationSource()))
             .csrf(AbstractHttpConfigurer::disable)
             .exceptionHandling(ehc -> ehc.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))