diff --git a/src/main/java/org/vaadin/example/security/SecurityConfig.java b/src/main/java/org/vaadin/example/security/SecurityConfig.java
index be01dda..82a2380 100644
--- a/src/main/java/org/vaadin/example/security/SecurityConfig.java
+++ b/src/main/java/org/vaadin/example/security/SecurityConfig.java
@@ -12,15 +12,22 @@
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import com.vaadin.flow.spring.security.VaadinWebSecurity;
+import com.vaadin.hilla.route.RouteUtil;
 
 @EnableWebSecurity
 @Configuration
 public class SecurityConfig extends VaadinWebSecurity {
+    private final RouteUtil routeUtil;
+
+    public SecurityConfig(RouteUtil routeUtil) {
+        this.routeUtil = routeUtil;
+    }
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.authorizeHttpRequests(registry -> {
             registry.requestMatchers(new AntPathRequestMatcher("/")).permitAll();
+            registry.requestMatchers(routeUtil::isRouteAllowed).permitAll();
         });
         super.configure(http);
         setLoginView(http, "/login", "/");
@@ -46,4 +53,4 @@ public UserDetailsService users() {
                 .build();
         return new InMemoryUserDetailsManager(user, admin);
     }
-}
\ No newline at end of file
+}