Simplify security config and permit auth endpoints

2026-01-26 21:20:20 +05:30
parent 6f961cb599
commit 05b8fd409c
1 changed files with 2 additions and 23 deletions
--- a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
@@ -2,11 +2,9 @@ package com.android.trisolarisserver.security

 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
-import org.springframework.core.annotation.Order
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.http.SessionCreationPolicy
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

@@ -16,31 +14,12 @@ class SecurityConfig(
    private val firebaseAuthFilter: FirebaseAuthFilter
 ) {
    @Bean
-    fun webSecurityCustomizer(): WebSecurityCustomizer {
-        return WebSecurityCustomizer {
-            it.ignoring().requestMatchers("/", "/health", "/auth/**")
-        }
-    }
-
-    @Bean
-    @Order(1)
-    fun publicChain(http: HttpSecurity): SecurityFilterChain {
-        http
-            .securityMatcher("/", "/health", "/auth/**")
-            .csrf { it.disable() }
-            .authorizeHttpRequests { it.anyRequest().permitAll() }
-            .httpBasic { it.disable() }
-            .formLogin { it.disable() }
-        return http.build()
-    }
-
-    @Bean
-    @Order(2)
-    fun apiChain(http: HttpSecurity): SecurityFilterChain {
+    fun filterChain(http: HttpSecurity): SecurityFilterChain {
        http
            .csrf { it.disable() }
            .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
            .authorizeHttpRequests {
+                it.requestMatchers("/", "/health", "/auth/**").permitAll()
                it.anyRequest().authenticated()
            }
            .httpBasic { it.disable() }