diff --git a/src/main/java/com/kamco/cd/training/auth/JwtAuthenticationFilter.java b/src/main/java/com/kamco/cd/training/auth/JwtAuthenticationFilter.java
index 57c0df6..a997eb9 100644
--- a/src/main/java/com/kamco/cd/training/auth/JwtAuthenticationFilter.java
+++ b/src/main/java/com/kamco/cd/training/auth/JwtAuthenticationFilter.java
@@ -23,7 +23,8 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
   private final UserDetailsService userDetailsService;
   private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();
   private static final String[] EXCLUDE_PATHS = {
-    "/api/auth/signin", "/api/auth/refresh", "/api/auth/logout", "/api/members/*/password"
+    //    "/api/auth/signin", "/api/auth/refresh", "/api/auth/logout", "/api/members/*/password"
+    "/api/auth/signin", "/api/auth/refresh", "/api/auth/logout"
   };
 
   @Override
diff --git a/src/main/java/com/kamco/cd/training/config/SecurityConfig.java b/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
index 0f4068f..dd5ba6d 100644
--- a/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
@@ -76,13 +76,13 @@ public class SecurityConfig {
                         "/api/auth/logout",
                         "/swagger-ui/**",
                         "/v3/api-docs/**",
-                        "/api/members/*/password",
                         "/api/upload/chunk-upload-dataset",
                         "/api/upload/chunk-upload-complete",
                         "/download_progress_test.html",
                         "/api/models/download/**")
                     .permitAll()
-
+                    .requestMatchers("/api/members/*/password")
+                    .authenticated()
                     // default
                     .anyRequest()
                     .authenticated())