diff --git a/modules/content_management/class/class_content_manager_tools_Abstract.php b/modules/content_management/class/class_content_manager_tools_Abstract.php
index f7ad3ab383ab63cbc66dc5aaf13e007f539d3e48..f807699bdd1e77a311e30dc956a0fea91e1c54d4 100755
--- a/modules/content_management/class/class_content_manager_tools_Abstract.php
+++ b/modules/content_management/class/class_content_manager_tools_Abstract.php
@@ -447,7 +447,7 @@ abstract class content_management_tools_Abstract
         $pathUrl = trim($_SESSION['config']['coreurl'], '/');
 
         $jnlp_attribute2 = $docXML->createAttribute('codebase'); 
-        $jnlp_attribute2->value = $pathUrl . '/rest/jnlpDownload/';
+        $jnlp_attribute2->value = $pathUrl . '/rest/jnlp/';
         $jnlp_balise->appendChild($jnlp_attribute2);
 
         $jnlp_attribute3 = $docXML->createAttribute('href');
@@ -635,7 +635,7 @@ abstract class content_management_tools_Abstract
         $_SESSION['cm_applet'][$_SESSION['user']['UserId']][$uid_applet_name]=$uid_applet_name.'.lck';
 
         $pathUrl = trim($_SESSION['config']['coreurl'], '/');
-        $file = "{$pathUrl}/rest/jnlpDownload/{$jnlp_name}";
+        $file = "{$pathUrl}/rest/jnlp/{$jnlp_name}";
 
         //echo '<a id="jnlp_file" href="'.$file.'" onclick="window.location.href=\''.$file.'\';self.close();"></a>';
         echo '<script>window.location.href=\''.$file.'\';if($(\'CMApplet\')) {destroyModal(\'CMApplet\');};if($(\'CMApplet\')) {destroyModal(\'CMApplet\');};</script>';
diff --git a/rest/index.php b/rest/index.php
index 05360b2c87d7520fbaac2a9326447e21016ab51e..20a237be58d55900f103cb1b5ad7d88388bf6a71 100755
--- a/rest/index.php
+++ b/rest/index.php
@@ -30,11 +30,12 @@ $app = new \Slim\App(['settings' => ['displayErrorDetails' => true, 'determineRo
 
 //Authentication
 $app->add(function (\Slim\Http\Request $request, \Slim\Http\Response $response, callable $next) {
-    $routesWithoutAuthentication = ['/jnlpDownload/{jnlpUniqueId}'];
+    $routesWithoutAuthentication = ['GET/jnlp/{jnlpUniqueId}'];
     $route = $request->getAttribute('route');
+    $currentMethod = empty($route) ? '' : $route->getMethods()[0];
     $currentRoute = empty($route) ? '' : $route->getPattern();
 
-    if (!in_array($currentRoute, $routesWithoutAuthentication)) {
+    if (!in_array($currentMethod.$currentRoute, $routesWithoutAuthentication)) {
         $userId = \SrcCore\controllers\AuthenticationController::authentication();
         if (!empty($userId)) {
             $GLOBALS['userId'] = $userId;
@@ -173,7 +174,6 @@ $app->get('/home/lastRessources', \Home\controllers\HomeController::class . ':ge
 
 //Jnlp
 $app->post('/jnlp', \ContentManagement\controllers\JnlpController::class . ':generateJnlp');
-$app->get('/jnlpDownload/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':donwloadJnlp');
 $app->get('/jnlp/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':renderJnlp');
 $app->post('/jnlp/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':processJnlp');
 $app->get('/jnlp/lock/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':isLockFileExisting');
diff --git a/src/app/contentManagement/controllers/JnlpController.php b/src/app/contentManagement/controllers/JnlpController.php
index 873f85c5b97c0a08e3cadb8ed0afb097ad20edf3..1ab441993d2133985550ca5c6126468ae377d55e 100644
--- a/src/app/contentManagement/controllers/JnlpController.php
+++ b/src/app/contentManagement/controllers/JnlpController.php
@@ -180,14 +180,10 @@ class JnlpController
         return $response->withJson(['generatedJnlp' => $jnlpFileNameExt, 'jnlpUniqueId' => $jnlpUniqueId]);
     }
 
-    public function donwloadJnlp(Request $request, Response $response, array $aArgs)
+    public function renderJnlp(Request $request, Response $response, array $aArgs)
     {
-        $data = $request->getQueryParams();
-
         if (explode('.', $aArgs['jnlpUniqueId'])[1] != 'jnlp') {
             return $response->withStatus(403)->withJson(['errors' => 'File extension forbidden']);
-        } elseif (strpos($aArgs['jnlpUniqueId'], "{$GLOBALS['userId']}_maarchCM_") === false) {
-            return $response->withStatus(403)->withJson(['errors' => 'File name forbidden']);
         }
 
         $tmpPath = CoreConfigModel::getTmpPath();
diff --git a/test/unitTests/core/CoreControllerTest.php b/test/unitTests/core/CoreControllerTest.php
index 8e879e4eef4a50e294ad06f2a66f23fec909c620..78f906a7f6dc0b0436728321235f0d82d15697e2 100644
--- a/test/unitTests/core/CoreControllerTest.php
+++ b/test/unitTests/core/CoreControllerTest.php
@@ -31,31 +31,12 @@ class CoreControllerTest extends TestCase
 
     public function testrenderJnlp()
     {
-        // ERROR FILE NAME
         $coreController = new \ContentManagement\controllers\JnlpController();
 
         $environment = \Slim\Http\Environment::mock(['REQUEST_METHOD' => 'GET']);
-        $request     = \Slim\Http\Request::createFromEnvironment($environment);
-
-        $aArgs = [
-            'fileName' => 'superadmin_maarch_12345.jnlp'
-        ];
-        $fullRequest = $request->withQueryParams($aArgs);
-
-        $response     = $coreController->renderJnlp($fullRequest, new \Slim\Http\Response());
-        $responseBody = json_decode((string)$response->getBody());
-
-        $this->assertSame('File name forbidden', $responseBody->errors);
-
-        // ERROR EXTENSION
         $request = \Slim\Http\Request::createFromEnvironment($environment);
 
-        $aArgs = [
-            'fileName' => 'superadmin_maarchCM_12345.js'
-        ];
-        $fullRequest = $request->withQueryParams($aArgs);
-
-        $response     = $coreController->renderJnlp($fullRequest, new \Slim\Http\Response());
+        $response     = $coreController->renderJnlp($request, new \Slim\Http\Response(), ['jnlpUniqueId' => 'superadmin_maarchCM_12345.js']);
         $responseBody = json_decode((string)$response->getBody());
 
         $this->assertSame('File extension forbidden', $responseBody->errors);