8 сар өмнө · 35a800a643
--- a/src/main/java/com/danielbohry/authservice/config/SecurityConfig.java
+++ b/src/main/java/com/danielbohry/authservice/config/SecurityConfig.java
@@ -11,6 +11,7 @@ import org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
				 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
			
 
				 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
			
 
				 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
			
 
				+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
			
 
				 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
			
 
				 import org.springframework.security.crypto.password.PasswordEncoder;
			
 
				 import org.springframework.security.web.SecurityFilterChain;
			
@@ -28,15 +29,16 @@ public class SecurityConfig {
 
				 
			
 
				     @Bean
			
 
				     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
			
 
				-        http.csrf().disable()
			
 
				-                .authorizeHttpRequests(requests -> requests
			
 
				-                        .requestMatchers("/actuator/health", "/actuator/info", "/actuator/prometheus", "/api/register", "/api/authenticate").permitAll()
			
 
				-                        .requestMatchers("/api/users", "api/authorize").authenticated()
			
 
				-                        .anyRequest().authenticated()
			
 
				-                )
			
 
				-                .sessionManagement(manager -> manager.sessionCreationPolicy(STATELESS))
			
 
				-                .authenticationProvider(authenticationProvider())
			
 
				-                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
			
 
				+        http
			
 
				+            .csrf(AbstractHttpConfigurer::disable)
			
 
				+            .authorizeHttpRequests(requests -> requests
			
 
				+                .requestMatchers("/actuator/health", "/actuator/info", "/actuator/prometheus", "/api/register", "/api/authenticate").permitAll()
			
 
				+                .requestMatchers("/api/users", "api/authorize").authenticated()
			
 
				+                .anyRequest().authenticated()
			
 
				+            )
			
 
				+            .sessionManagement(manager -> manager.sessionCreationPolicy(STATELESS))
			
 
				+            .authenticationProvider(authenticationProvider())
			
 
				+            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
			
 
				         return http.build();
			
 
				     }