diff --git a/src/main/java/eu/dnetlib/repo/manager/config/AaiSecurityConfiguration.java b/src/main/java/eu/dnetlib/repo/manager/config/AaiSecurityConfiguration.java
index 2f39f5b..5c22184 100644
--- a/src/main/java/eu/dnetlib/repo/manager/config/AaiSecurityConfiguration.java
+++ b/src/main/java/eu/dnetlib/repo/manager/config/AaiSecurityConfiguration.java
@@ -12,6 +12,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
@@ -57,12 +58,16 @@ public class AaiSecurityConfiguration extends WebSecurityConfigurerAdapter {
         auth.authenticationProvider(openIdConnectAuthenticationProvider());
     }
 
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.ignoring().antMatchers("/stats/**");
+    }
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.csrf().disable()
                 .anonymous().disable()
                 .authorizeRequests()
-		.antMatchers("/stats").permitAll()
                 .anyRequest().authenticated()
                 .and()
                     .httpBasic()