From f6ca912ed13745140210a1f313de3dff990375ea Mon Sep 17 00:00:00 2001
From: Petr Rudichev <petrrudichev@gmail.com>
Date: Thu, 20 Feb 2025 15:21:20 +0300
Subject: [PATCH] security: update WebSecurityConfig

---
 .../com/example/nto/config/WebSecurityConfig.java | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/src/main/java/com/example/nto/config/WebSecurityConfig.java b/src/main/java/com/example/nto/config/WebSecurityConfig.java
index 350422c..3d477d5 100644
--- a/src/main/java/com/example/nto/config/WebSecurityConfig.java
+++ b/src/main/java/com/example/nto/config/WebSecurityConfig.java
@@ -5,7 +5,6 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -33,21 +32,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
         http.csrf().disable()
                 .authorizeRequests()
                 .antMatchers("/h2-console/**").permitAll()
-                .antMatchers("/api/v1/images/**").permitAll()
-                .antMatchers("/api/v1/volunteers/login").permitAll()
-                .antMatchers("/api/v1/volunteers/register").permitAll()
-
-                .antMatchers("/api/v1/**").permitAll()
-                //.antMatchers("/api/v1/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
+                .antMatchers("/api/v1/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
+                .antMatchers("/api/v1/authorization/login").permitAll()
+                .antMatchers("/api/v1/authorization/register").permitAll()
                 .anyRequest().authenticated()
                 .and()
                 .httpBasic()
                 .and()
                 .headers().frameOptions().disable();
     }
-
-    @Override
-    public void configure(WebSecurity web) {
-        web.ignoring().antMatchers("/api/v1/volunteers/images");
-    }
 }