diff --git a/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java b/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
index 03069861ac..898ce26883 100644
--- a/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
+++ b/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
@@ -202,12 +202,7 @@ public class ThingsboardSecurityConfiguration {
     @Bean
     @Order(1)
     public SecurityFilterChain noAuthFilterChain(HttpSecurity http) throws Exception {
-        http.headers(headers -> headers
-                .cacheControl(config -> {})
-                .frameOptions(config -> {}).disable())
-                .cors(cors -> {})
-                .csrf(AbstractHttpConfigurer::disable)
-                .exceptionHandling(config -> {})
+        configureCommonHttpSecurity(http)
                 .securityMatchers(config -> config
                         .requestMatchers(
                                 DEVICE_API_ENTRY_POINT, // Device HTTP Transport API
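Review bot: The `configureCommonHttpSecurity(http)` call that replaces the removed lines also attaches the STATELESS session policy and the login, JWT, refresh-token and rate-limit filters to the no-auth chain (see the helper in the third hunk), which the removed inline configuration never did. Nothing in the hunk records whether that widening is intended, and the rest of noAuthFilterChain, including the matchers that decide which requests reach this chain, lies outside the hunk. If it is intended, a comment on the call would stop the next reader from treating it as an accident, e.g. `// configureCommonHttpSecurity also attaches the login/JWT/refresh/rate-limit filters to this chain`.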
@@ -225,21 +220,8 @@ public class ThingsboardSecurityConfiguration {
     @Bean
     @Order(2)
     SecurityFilterChain authFilterChain(HttpSecurity http) throws Exception {
-        http.headers(headers -> headers
-                .cacheControl(config -> {})
-                .frameOptions(config -> {}).disable())
-                .cors(cors -> {})
-                .csrf(AbstractHttpConfigurer::disable)
-                .exceptionHandling(config -> {})
-                .sessionManagement(config -> config.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-                .securityMatcher(TOKEN_BASED_AUTH_ENTRY_POINT) // Protected API End-points
-                .authorizeHttpRequests(config -> config.anyRequest().authenticated())
-                .exceptionHandling(config -> config.accessDeniedHandler(restAccessDeniedHandler))
-                .addFilterBefore(buildRestLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
-                .addFilterBefore(buildRestPublicLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
-                .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
-                .addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
-                .addFilterAfter(rateLimitProcessingFilter, UsernamePasswordAuthenticationFilter.class);
+        configureCommonHttpSecurity(http)
+                .securityMatcher(TOKEN_BASED_AUTH_ENTRY_POINT); // Protected API End-points
         if (oauth2Configuration != null) {
             http.oauth2Login(login -> login
                     .authorizationEndpoint(config -> config
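Review bot: The new authFilterChain drops `authorizeHttpRequests(config -> config.anyRequest().authenticated())` and `exceptionHandling(config -> config.accessDeniedHandler(restAccessDeniedHandler))`, both present in the removed lines, and `configureCommonHttpSecurity` in the third hunk does not add them back. Unless they are reinstated in the part of the method outside this hunk, requests matched by TOKEN_BASED_AUTH_ENTRY_POINT are no longer covered by an explicit authorization rule and rely solely on the JWT filter rejecting them, and access-denied responses fall back to the framework default instead of restAccessDeniedHandler. I would keep both at the call site: `.securityMatcher(TOKEN_BASED_AUTH_ENTRY_POINT) // Protected API End-points` / `.authorizeHttpRequests(config -> config.anyRequest().authenticated())` / `.exceptionHandling(config -> config.accessDeniedHandler(restAccessDeniedHandler));`. The method continues past the end of the hunk, so this is worth confirming against the full body.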
@@ -253,6 +235,21 @@ public class ThingsboardSecurityConfiguration {
         return http.build();
     }
 
+    private HttpSecurity configureCommonHttpSecurity(HttpSecurity http) throws Exception {
+        return http.headers(headers -> headers
+                .cacheControl(config -> {})
+                .frameOptions(config -> {}).disable())
+                .cors(cors -> {})
+                .csrf(AbstractHttpConfigurer::disable)
+                .exceptionHandling(config -> {})
+                .sessionManagement(config -> config.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .addFilterBefore(buildRestLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(buildRestPublicLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
+                .addFilterAfter(rateLimitProcessingFilter, UsernamePasswordAuthenticationFilter.class);
+    }
+
     @Bean
     @ConditionalOnMissingBean(CorsFilter.class)
     public CorsFilter corsFilter(@Autowired MvcCorsProperties mvcCorsProperties) {
diff --git a/application/src/test/java/org/thingsboard/server/controller/AuthControllerTest.java b/application/src/test/java/org/thingsboard/server/controller/AuthControllerTest.java
index 5365c9fbec..1cf389a93d 100644
--- a/application/src/test/java/org/thingsboard/server/controller/AuthControllerTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/AuthControllerTest.java
@@ -167,4 +167,10 @@ public class AuthControllerTest extends AbstractControllerTest {
                 .andExpect(jsonPath("$.message", is("Password must be no more than 72 characters in length.")));
     }
 
+
+    @Test
+    public void testGetPageWithoutRedirect() throws Exception {
+        doGet("/login").andExpect(status().isOk());
+        doGet("/home").andExpect(status().isOk());
+    }
 }
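Review bot: `configureCommonHttpSecurity` carries no Javadoc even though it is now the single place where both filter chains get their header, CORS, CSRF, session-policy and filter setup, and both callers sit in other hunks. A short Javadoc stating what it configures and what it leaves to the caller would make the split explicit, e.g. `/** Applies the header, CORS, CSRF, session-policy and filter setup shared by noAuthFilterChain and authFilterChain; request matchers and authorization rules are added by the caller. */`. The `.exceptionHandling(config -> {})` customizer is a no-op as written and now the only exceptionHandling call on the shared path, so a one-line comment on why it is kept would also help; I presume it is there to register the configurer with defaults, but the hunk does not say.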
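Review bot: testGetPageWithoutRedirect only checks that unauthenticated requests to /login and /home return 200; it does not cover the other side of the security change, namely that a token-protected API path still rejects an unauthenticated request now that the explicit `anyRequest().authenticated()` rule is gone from authFilterChain. Assuming doGet sends no credentials at this point in the test, one more assertion against a protected endpoint, e.g. `doGet("/<token-protected-path>").andExpect(status().isUnauthorized());` with the placeholder replaced by a real protected path, would guard that regression alongside this test.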