Update SecurityConfig.java

2024-09-09 00:36:52 +02:00 · 2024-09-09 00:36:52 +02:00 · 2e0c93a400
commit 2e0c93a400
parent ba239764bf
1 changed files with 2 additions and 4 deletions
--- a/src/main/java/de/w665/biblenotes/config/SecurityConfig.java
+++ b/src/main/java/de/w665/biblenotes/config/SecurityConfig.java
@ -32,16 +32,14 @@ public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-
-        // TODO: Fix security config for this project (currently old state from sharepulse)
-
+        
        http
                .csrf(csrf -> csrf.ignoringRequestMatchers("/api/v1/**")) // Disable CSRF for API routes
                .sessionManagement(sessionManagement -> sessionManagement
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // No session will be created by Spring Security
                )
                .authorizeHttpRequests(authorize -> authorize
-                        .requestMatchers("/api/v1/secure/**").authenticated() // Secure these endpoints
+                        .requestMatchers("/api/v1/**").authenticated() // Secure all /api/v1/** routes
                        .anyRequest().permitAll() // All other requests are allowed without authentication
                )
                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) // Apply JWT filter