Harden ApplicationConfiguration with stronger BCrypt, cleanup, and security improvements

- Increased BCrypt password encoder strength to 12 for better hashing security.
- Switched to PasswordEncoder interface for flexibility (e.g., Argon2 support).
- Removed unused import (java.security.AuthProvider).
- Made all @Bean methods explicitly public.
- Added JavaDoc comments for better readability and maintainability.
- Improved exception message in UserDetailsService for clarity.

src/main/java/com/skycrate/backend/skycrateBackend/config/ApplicationConfiguration.java

@@ -1,7 +1,5 @@
 package com.skycrate.backend.skycrateBackend.config;
 
-import java.security.AuthProvider;
-
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -10,38 +8,48 @@ import org.springframework.security.authentication.dao.DaoAuthenticationProvider
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.crypto.bcrypt.BCrypt;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 
 import com.skycrate.backend.skycrateBackend.repository.UserRepository;
 
+ // Application-wide security configuration.
+ // Configures user authentication, password encoding, and authentication provider.
 @Configuration
 public class ApplicationConfiguration {
+
     private final UserRepository userRepository;
-    public ApplicationConfiguration(UserRepository userRepository){
-        this.userRepository=userRepository;
 
-    }  
+    public ApplicationConfiguration(UserRepository userRepository) {
+        this.userRepository = userRepository;
+    }
+
+     // Custom UserDetailsService to fetch user details by email.
     @Bean
-     UserDetailsService userDetailsService() {
+    public UserDetailsService userDetailsService() {
         return username -> userRepository.findByEmail(username)
-                .orElseThrow(() -> new UsernameNotFoundException("User not found"));
+                .orElseThrow(() -> new UsernameNotFoundException("User not found with email: " + username));
-    }
-    @Bean
-    BCryptPasswordEncoder passwordEncoder(){
-        return new BCryptPasswordEncoder();
     }
 
+     // BCrypt password encoder with a higher strength for better security.
+     // Cost factor 12 is considered a good balance for production use.
     @Bean
-    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception{
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder(12);
+    }
+
+     // AuthenticationProvider using DAO with custom user service and password encoder.
+    @Bean
+    public AuthenticationProvider authenticationProvider() {
+        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
+        authProvider.setUserDetailsService(userDetailsService());
+        authProvider.setPasswordEncoder(passwordEncoder());
+        return authProvider;
+    }
+
+     // Provides the AuthenticationManager for authenticating credentials.
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
         return config.getAuthenticationManager();
     }
-
+}
-    @Bean
-    AuthenticationProvider authenticationProvider(){
-        DaoAuthenticationProvider authprovider=new DaoAuthenticationProvider();
-        authprovider.setUserDetailsService(userDetailsService());
-        authprovider.setPasswordEncoder(passwordEncoder());
-        return authprovider;
-    }
-}