diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
index 53adb10..175762b 100644
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@@ -110,7 +110,6 @@ quarkus.oidc.authentication.redirect-path=/auth/callback
 quarkus.oidc.authentication.force-redirect-https-scheme=true
 quarkus.oidc.authentication.restore-path-after-redirect=true
 # Default landing page after successful login
-quarkus.oidc.authentication.redirect-path-after-login=/pages/secure/dashboard.xhtml
 quarkus.oidc.authentication.scopes=openid,profile,email,roles
 quarkus.oidc.token.issuer=https://security.lions.dev/realms/unionflow
 quarkus.oidc.tls.verification=required
@@ -122,13 +121,16 @@ quarkus.oidc.verify-access-token=true
 # Activation de la sécurité
 quarkus.security.auth.enabled=true
+# IMPORTANT: L'ordre des permissions compte - les plus spécifiques doivent être EN PREMIER
 # Chemins publics (non protégés par OIDC) - Production
 quarkus.http.auth.permission.public.paths=/,/index.xhtml,/pages/public/*,/auth/*,/q/*,/q/oidc/*,/favicon.ico,/resources/*,/META-INF/resources/*,/images/*,/jakarta.faces.resource/*,/javax.faces.resource/*
 quarkus.http.auth.permission.public.policy=permit
+quarkus.http.auth.permission.public.applies-to=JAXRS,SERVLET
 # Tous les autres chemins nécessitent une authentification
-quarkus.http.auth.permission.authenticated.paths=/*
+quarkus.http.auth.permission.authenticated.paths=/pages/secure/*
 quarkus.http.auth.permission.authenticated.policy=authenticated
+quarkus.http.auth.permission.authenticated.applies-to=JAXRS,SERVLET
 # Configuration Session - Production
 unionflow.session.timeout=${SESSION_TIMEOUT:1800}
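Review bot: Narrowing `authenticated.paths` from `/*` to `/pages/secure/*` in the second hunk turns the production policy from deny-by-default into allow-by-default: a path that is neither in the public list nor under `/pages/secure/` now matches no permission, and Quarkus lets such requests through at the HTTP layer unless the endpoint itself carries a security annotation. Unless every REST resource and non-public page outside that prefix is protected some other way (not visible in this hunk), keep the catch-all, `quarkus.http.auth.permission.authenticated.paths=/*`; the public entries still take precedence because Quarkus applies the permission with the longest matching path. For the same reason the added "IMPORTANT" comment is misleading, since the order of the properties has no effect on matching, and it would read better as `# The permission with the most specific (longest) matching path wins; line order is irrelevant`, placed above a "Tous les autres chemins" comment that still holds. Separately, as far as I know `applies-to` takes a single value (`all` or `jaxrs`), so `JAXRS,SERVLET` on both permissions should be checked against the Quarkus version in use, or the two lines dropped to keep the default.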