src/main/java/com/guams/review/configuration/SpringSecurityConfig.java

@@ -36,6 +36,7 @@ public class SpringSecurityConfig {
                         .requestMatchers(HttpMethod.GET,
                                 "/api/authors",
                                 "/api/authors/{id}",
+                                "/api/authors/{id}/avatar",
                                 "/api/authors/{id}/posts",
                                 "/api/posts",
                                 "/api/posts/{id}",

src/main/java/com/guams/review/controller/AuthorController.java

@@ -26,6 +26,7 @@ import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
 import java.io.IOException;
+import java.util.Base64;
 import java.util.List;
 import java.util.UUID;
 
@@ -76,7 +77,7 @@ public class AuthorController {
     @GetMapping("/{id}/avatar")
     public byte[] getProfilePicture(@PathVariable UUID id) {
         Author author = authorService.findById(id).orElseThrow(() -> new NotFoundException("Author not found"));
-        return author.getProfilePicture();
+        return Base64.getEncoder().encode(author.getProfilePicture());
     }
 
     @DeleteMapping("/{id}")