diff --git a/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java b/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java
index 5b90f97..8a2bbbd 100644
--- a/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java
+++ b/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java
@@ -16,6 +16,7 @@ public class WebSecurityConfig {
         http.authorizeHttpRequests((requests) -> requests.requestMatchers("/", "/accueil").permitAll()
                         .requestMatchers("/accueil", "/login", "/inscription", "/searchArticle").permitAll()
                         .requestMatchers("/css/**", "/images/**", "/assets/**", "/img/**", "/js/**").permitAll()
+                        .requestMatchers("/profile").hasAnyRole("MEMBRE", "ADMIN")
                         .requestMatchers("/admin").hasRole("ADMIN")
                         .anyRequest().authenticated())
                 .formLogin((form) -> form.loginPage("/login").defaultSuccessUrl("/", true))