restricted access to /authorize to ROLE_USER accounts, closes #892

openid-connect-server-webapp/src/main/webapp/WEB-INF/user-context.xml

@@ -44,6 +44,7 @@
 	
 	<security:http disable-url-rewriting="true" use-expressions="true"> 
 		<security:form-login login-page="/login" authentication-failure-url="/login?error=failure" authentication-success-handler-ref="authenticationTimeStamper" />
+		<security:intercept-url pattern="/authorize" access="hasRole('ROLE_USER')" />
 		<security:intercept-url pattern="/**" access="permitAll" />
 		<security:custom-filter ref="promptFilter" after="SECURITY_CONTEXT_FILTER" />
 		<security:logout logout-url="/logout" />