From 293b73cf2a607663bee1832fccf9ac03bbe3ffdc Mon Sep 17 00:00:00 2001
From: vedang29 <vedang294@gmail.com>
Date: Tue, 15 Apr 2025 02:41:21 +0530
Subject: [PATCH] Removed deprecated CORS errors

---
 .../config/SecurityConfiguration.java         | 50 +++++++++++++------
 1 file changed, 34 insertions(+), 16 deletions(-)

diff --git a/src/main/java/com/skycrate/backend/skycrateBackend/config/SecurityConfiguration.java b/src/main/java/com/skycrate/backend/skycrateBackend/config/SecurityConfiguration.java
index 102988d..d16c4c4 100644
--- a/src/main/java/com/skycrate/backend/skycrateBackend/config/SecurityConfiguration.java
+++ b/src/main/java/com/skycrate/backend/skycrateBackend/config/SecurityConfiguration.java
@@ -28,27 +28,45 @@ public class SecurityConfiguration {
         this.jwtAuthenticationFilter = jwtAuthenticationFilter;
     }
 
+//    @Bean
+//    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+//        http.csrf()
+//                .disable()
+//                .authorizeHttpRequests()
+//                .requestMatchers("/api/hdfs/**") // Specific API endpoints that don't require authentication
+//                .permitAll()
+//                .requestMatchers("/api/**") // Other endpoints that should be open
+//                .permitAll()
+//                .anyRequest()
+//                .authenticated() // All other requests require authentication
+//                .and()
+//                .sessionManagement()
+//                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+//                .and()
+//                .authenticationProvider(authenticationProvider)
+//                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+//
+//        return http.build();
+//    }
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        http.csrf()
-                .disable()
-                .authorizeHttpRequests()
-                .requestMatchers("/api/hdfs/**") // Specific API endpoints that don't require authentication
-                .permitAll()
-                .requestMatchers("/api/**") // Other endpoints that should be open
-                .permitAll()
-                .anyRequest()
-                .authenticated() // All other requests require authentication
-                .and()
-                .sessionManagement()
-                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and()
+        return http
+                .securityMatcher("/**")
+                .authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/api/hdfs/**", "/api/**").permitAll()
+                        .anyRequest().authenticated()
+                )
+                .sessionManagement(session -> session
+                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                )
                 .authenticationProvider(authenticationProvider)
-                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
-
-        return http.build();
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
+                .csrf(csrf -> csrf.disable())
+                .build();
     }
 
+
 //    @Bean
 //    CorsConfigurationSource corsConfigurationSource() {
 //        CorsConfiguration configuration = new CorsConfiguration();