Changeset deea3c4 for src/main/java/com/example/rezevirajmasa/demo/config/SecurityConfig.java

Timestamp:

04/28/25 14:21:17 (3 weeks ago)

Author:

Aleksandar Panovski <apano77@…>

Branches:

main

Children:

e15e8d9

Parents:

f5b256e

Message:

Big change done fully handle_reservation_update() trigger works

File:

• src/main/java/com/example/rezevirajmasa/demo/config/SecurityConfig.java (modified) (3 diffs)

src/main/java/com/example/rezevirajmasa/demo/config/SecurityConfig.java

@@ -19 +19 @@
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.context.annotation.Bean;
@@ -26 +27 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.List;
 
 @Configuration
@@ -55 +58 @@
     }
 
-//    @Bean
-//    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-//        http
-//                .exceptionHandling(exception -> exception.authenticationEntryPoint(customerAuthenticationEntryPoint))
-//                .addFilterBefore(new JwtAuthFilter(userAuthProvider), BasicAuthenticationFilter.class)
-//                .csrf(AbstractHttpConfigurer::disable)
-//                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-//                .authorizeHttpRequests(requests -> requests
-//                        .requestMatchers(HttpMethod.POST, "/api/login", "/api/register").permitAll()
-//                        .requestMatchers("/", "/home").authenticated()  // Restrict `/` to authenticated users
-//                        .anyRequest().authenticated()
-//                )
-//                .logout(logout -> logout
-//                        .logoutUrl("/logout")
-//                        .clearAuthentication(true)
-//                        .invalidateHttpSession(true)
-//                        .deleteCookies("JSESSIONID")
-//                        .logoutSuccessUrl("/api/login")  // Redirect to login page after logout
-//                );
-//
-//        return http.build();
-//    }
-
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
-                .exceptionHandling((exception) -> exception.authenticationEntryPoint(customerAuthenticationEntryPoint))
-                .addFilterBefore(new JwtAuthFilter(userAuthProvider), BasicAuthenticationFilter.class)
                 .csrf(AbstractHttpConfigurer::disable)
-                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-                .authorizeHttpRequests((requests) -> requests
-                        .requestMatchers(HttpMethod.POST, "/api/login", "/api/register").permitAll()
-                        .anyRequest().authenticated());
+                .authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/api/auth/**").permitAll()
+                        .requestMatchers("/api/user/**", "/api/cuisineTypes", "/api/restaurants").authenticated()
+                )
+                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
+
         return http.build();
     }