updated security config

src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java

@@ -96,53 +96,32 @@ public class SecurityConfig {
     }
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        // Apply stateless session management globally
-        http.csrf(AbstractHttpConfigurer::disable)
-            .authorizeHttpRequests(auth -> auth
-                // Public endpoints
+        http.csrf(AbstractHttpConfigurer::disable).authorizeHttpRequests(auth -> auth
+                // Allow public access to the login endpoints
                 .requestMatchers("/v1/user/login").permitAll() // JWT-based login
                 .requestMatchers("/v1/user").permitAll() // User registration
                 .requestMatchers("/v1/user/sso/validate/existing-user/{token}").permitAll()
                 .requestMatchers("/v1/user/sso/validate/new-user/{token}").permitAll()
+                .requestMatchers("/v1/saml/**").permitAll() // JWT-based login
+                .requestMatchers("/saml2/**").permitAll() // SAML login initiation
                 .requestMatchers("/swagger-ui/**").permitAll() // Swagger docs
                 .requestMatchers("/v1/api-docs/**").permitAll() // API docs
-
-                // SAML-related endpoints
-                .requestMatchers("/v1/saml/**", "/saml2/**").permitAll()
-
-                // Other authenticated requests
                 .anyRequest().authenticated())
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .addFilterBefore(corsFilter(), UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(new JWTFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class)
+                // Add SAML2 login configuration (for BENEFICIARI)
+                /*
+                 * .saml2Login(saml -> saml.loginPage("/saml/login") // Entry point for SAML
+                 * login .defaultSuccessUrl("/") // Redirect after successful SAML login );
+                 */
+				.saml2Login(saml -> saml.defaultSuccessUrl("/").successHandler(samlSuccessHandler)
+						.failureHandler(samlFailureHandler));
 
-            // Globally use stateless session management for most requests
-            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-
-            // SAML2 login configuration
-            .saml2Login(saml -> saml
-                .defaultSuccessUrl("/")
-                .successHandler(samlSuccessHandler)
-                .failureHandler(samlFailureHandler));
 
         return http.build();
     }
 
-    // Add another SecurityFilterChain for SAML requests with stateful session management
-    @Bean
-    public SecurityFilterChain samlSecurityFilterChain(HttpSecurity http) throws Exception {
-        // Apply stateful session management for SAML-related endpoints
-        http
-            .securityMatcher("/v1/saml/**", "/saml2/**") // Match SAML requests
-            .authorizeHttpRequests(auth -> auth
-                .requestMatchers("/v1/saml/**", "/saml2/**").permitAll()
-                .anyRequest().authenticated())
-
-            // Use stateful session management for SAML requests
-            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED));
-
-        return http.build();
-    }
-
-
-
     @Bean
     public OpenAPI customOpenAPI() {
         return new OpenAPI()