diff --git a/backend/src/main/java/ch/xxx/moviemanager/adapter/config/SecurityConfig.java b/backend/src/main/java/ch/xxx/moviemanager/adapter/config/SecurityConfig.java index a6f396e..38d5323 100644 --- a/backend/src/main/java/ch/xxx/moviemanager/adapter/config/SecurityConfig.java +++ b/backend/src/main/java/ch/xxx/moviemanager/adapter/config/SecurityConfig.java @@ -24,6 +24,7 @@ import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import ch.xxx.moviemanager.usecase.service.JwtTokenService; @@ -41,8 +42,8 @@ public SecurityConfig(JwtTokenService jwtTokenService) { public SecurityFilterChain configure(HttpSecurity http) throws Exception { JwtTokenFilter customFilter = new JwtTokenFilter(jwtTokenService); HttpSecurity httpSecurity = http - .authorizeHttpRequests(authorize -> authorize.requestMatchers("/rest/auth/**").permitAll() - .requestMatchers("/rest/**").authenticated().requestMatchers("/**").permitAll()) + .authorizeHttpRequests(authorize -> authorize.requestMatchers(AntPathRequestMatcher.antMatcher("/rest/auth/**")).permitAll() + .requestMatchers(AntPathRequestMatcher.antMatcher("/rest/**")).authenticated().requestMatchers(AntPathRequestMatcher.antMatcher("/**")).permitAll()) .csrf(myCsrf -> myCsrf.disable()) .sessionManagement(mySm -> mySm.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .headers(myHeaders -> myHeaders.xssProtection(myXss -> myXss.headerValue(HeaderValue.ENABLED))) diff --git a/pom.xml b/pom.xml index cb04ae5..6ec3778 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ org.springframework.boot spring-boot-starter-parent - 3.1.1 + 3.1.4