added slashes to patterns what needed them, removed vestigial intercept from user-context

openid-connect-server/src/main/webapp/WEB-INF/application-context.xml

@@ -64,8 +64,8 @@
 	<security:http pattern="/jwk**" use-expressions="true" entry-point-ref="http403EntryPoint">
 		<security:intercept-url pattern="/jwk**" access="permitAll"/>
 	</security:http>
-	<security:http pattern="/.well-known**" use-expressions="true" entry-point-ref="http403EntryPoint">
-		<security:intercept-url pattern="/.well-known**" access="permitAll"/>
+	<security:http pattern="/.well-known/**" use-expressions="true" entry-point-ref="http403EntryPoint">
+		<security:intercept-url pattern="/.well-known/**" access="permitAll"/>
 	</security:http>
 	<security:http pattern="/x509**" use-expressions="true" entry-point-ref="http403EntryPoint">
 		<security:intercept-url pattern="/x509**" access="permitAll"/>	
@@ -81,7 +81,7 @@
 		<security:expression-handler ref="oauthWebExpressionHandler" />
 	</security:http>
 
- 	<security:http pattern="/api**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint">
+ 	<security:http pattern="/api/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint">
 		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
 		<security:expression-handler ref="oauthWebExpressionHandler" />
 	</security:http>

openid-connect-server/src/main/webapp/WEB-INF/user-context.xml

@@ -32,7 +32,6 @@
 		
 	<security:http disable-url-rewriting="true" use-expressions="true"> 
 		<security:form-login login-page="/login" />
-		<security:intercept-url pattern="/oauth/**" access="hasRole('ROLE_USER')" />
 		<security:intercept-url pattern="/**" access="permitAll" />
 		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
 		<security:logout/>