diff --git a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
index 241ee0d..42b30b0 100644
--- a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
@@ -2,11 +2,9 @@ package com.android.trisolarisserver.security
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
-import org.springframework.core.annotation.Order
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.http.SessionCreationPolicy
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
@@ -16,31 +14,12 @@ class SecurityConfig(
 private val firebaseAuthFilter: FirebaseAuthFilter
 ) {
 @Bean
- fun webSecurityCustomizer(): WebSecurityCustomizer {
- return WebSecurityCustomizer {
- it.ignoring().requestMatchers("/", "/health", "/auth/**")
- }
- }
-
- @Bean
- @Order(1)
- fun publicChain(http: HttpSecurity): SecurityFilterChain {
- http
- .securityMatcher("/", "/health", "/auth/**")
- .csrf { it.disable() }
- .authorizeHttpRequests { it.anyRequest().permitAll() }
- .httpBasic { it.disable() }
- .formLogin { it.disable() }
- return http.build()
- }
-
- @Bean
- @Order(2)
- fun apiChain(http: HttpSecurity): SecurityFilterChain {
+ fun filterChain(http: HttpSecurity): SecurityFilterChain {
 http
 .csrf { it.disable() }
 .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
 .authorizeHttpRequests {
+ it.requestMatchers("/", "/health", "/auth/**").permitAll()
 it.anyRequest().authenticated()
 }
 .httpBasic { it.disable() }
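Review bot: `permitAll()` on `"/", "/health", "/auth/**"` only skips the authorization decision, so every filter on this chain now runs for those paths, whereas the removed `ignoring()` rule and `publicChain` kept them away from the API chain's filters. If `FirebaseAuthFilter` is registered further down (the rest of `filterChain` is outside the hunk) and answers 401 itself on a missing or malformed token, the public routes will start rejecting callers; it should pass such requests through unauthenticated and leave the decision to `authorizeHttpRequests`. The `/auth/**` wildcard also makes every current and future handler under that prefix reachable without a token, so I would either list the public routes explicitly or state the intent above the matcher, e.g. `// Public: all of /auth/** is reachable without a token; handlers that need a user must enforce it via method security`. A test that hits `/health` with no token and with an invalid token, and a protected route with no token, would pin the intended behaviour.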