Some paths displayed in the rest api docs differ from the paths defined in the spring security config. For admin users that doesnt matter (thats why the forms in the rest api docs always work for admin users, even if the path differs from the spring security config), but for non-admin users (such as api users) these paths wont work and will confuse developers.

Problematic are all paths ending with a slash, such as POST /api/series/ for example. In the spring security config the trailing slash for these paths is always omitted:

<sec:intercept-url pattern="/api/series" method="POST" access="ROLE_ADMIN, ROLE_API_SERIES_CREATE"/>

So we should either

• somehow change the rest api docs to remove the trailing slash (but how to identify theses paths?)
• or change the paths in the spring security docs (sounds more reasonable to me, but could crash a lot of apps)

to get all of this consistent.