diff --git a/src/main/java/com/faendir/acra/security/SecurityConfiguration.java b/src/main/java/com/faendir/acra/security/SecurityConfiguration.java
index f570320..36a475c 100644
--- a/src/main/java/com/faendir/acra/security/SecurityConfiguration.java
+++ b/src/main/java/com/faendir/acra/security/SecurityConfiguration.java
@@ -127,10 +127,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                 .and()
                 .sessionManagement()
                 .and()
-                .antMatcher("/" + RestReportInterface.REPORT_PATH)
-                .httpBasic()
-                .and()
-                .antMatcher("/" + RestApiInterface.API_PATH + "/**")
+                .regexMatcher("/(" + RestReportInterface.REPORT_PATH + "|" + RestApiInterface.API_PATH + "/.*)")
                 .httpBasic();
     }
 
diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml
index fea9b37..fa5895a 100644
--- a/src/main/resources/db/changelog/db.changelog-master.yaml
+++ b/src/main/resources/db/changelog/db.changelog-master.yaml
@@ -619,10 +619,13 @@ databaseChangeLog:
 - changeSet:
     id: 2018-08-24-fix-permission-key
     author: lukas
+    validCheckSum:
+    - 7:eb8588c3140f88c4e61d82d6fbe06846
     changes:
     - addNotNullConstraint:
         columnName: app_id
         tableName: user_permissions
+        columnDataType: INT
     - addPrimaryKey:
         columnNames: user_username, app_id
         tableName: user_permissions