From 2e0c93a400f85f3bac8429057b0d5e72d0728132 Mon Sep 17 00:00:00 2001
From: "Max W." <66736561+Walzen665@users.noreply.github.com>
Date: Mon, 9 Sep 2024 00:36:52 +0200
Subject: [PATCH] Update SecurityConfig.java

---
 src/main/java/de/w665/biblenotes/config/SecurityConfig.java | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/main/java/de/w665/biblenotes/config/SecurityConfig.java b/src/main/java/de/w665/biblenotes/config/SecurityConfig.java
index 566efca..1f60e36 100644
--- a/src/main/java/de/w665/biblenotes/config/SecurityConfig.java
+++ b/src/main/java/de/w665/biblenotes/config/SecurityConfig.java
@@ -32,16 +32,14 @@ public class SecurityConfig {
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-
-        // TODO: Fix security config for this project (currently old state from sharepulse)
-
+        
         http
                 .csrf(csrf -> csrf.ignoringRequestMatchers("/api/v1/**")) // Disable CSRF for API routes
                 .sessionManagement(sessionManagement -> sessionManagement
                         .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // No session will be created by Spring Security
                 )
                 .authorizeHttpRequests(authorize -> authorize
-                        .requestMatchers("/api/v1/secure/**").authenticated() // Secure these endpoints
+                        .requestMatchers("/api/v1/**").authenticated() // Secure all /api/v1/** routes
                         .anyRequest().permitAll() // All other requests are allowed without authentication
                 )
                 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) // Apply JWT filter