conflicts resolved

src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java

@@ -15,12 +15,10 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.access.intercept.AuthorizationFilter;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
@@ -39,12 +37,10 @@ import net.gepafin.tendermanagement.config.jwt.TokenProvider;
 public class SecurityConfig {
 
     private final TokenProvider tokenProvider;
-    private final CorsConfigurationSource corsConfigurationSource;
 
     @Autowired
-    public SecurityConfig(TokenProvider tokenProvider, CorsConfigurationSource corsConfigurationSource) {
+    public SecurityConfig(TokenProvider tokenProvider) {
         this.tokenProvider = tokenProvider;
-        this.corsConfigurationSource = corsConfigurationSource;
     }
 
     @Bean
@@ -71,17 +67,25 @@ public class SecurityConfig {
                 .requestMatchers(new AntPathRequestMatcher("/swagger-ui/**"));
     }
 
-//    @Bean
-//    public CorsConfigurationSource corsConfigurationSource() {
-//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-//        CorsConfiguration config = new CorsConfiguration();
-//        config.setAllowCredentials(true);
-//        config.addAllowedOrigin("http://localhost:3000"); // Change this to your frontend URL
-//        config.addAllowedHeader("*");
-//        config.addAllowedMethod("*");
-//        source.registerCorsConfiguration("/**", config);
-//        return source;
-//    }
+    
+    @Bean
+    public CorsFilter corsFilter() {
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+
+        CorsConfiguration config = new CorsConfiguration();
+        config.addAllowedOrigin("*");
+	    config.addAllowedMethod("*");
+	    config.addAllowedHeader("*");
+        config.setMaxAge(3600l);
+
+        if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) {
+            source.registerCorsConfiguration("/v1/**", config);
+            source.registerCorsConfiguration("/management/**", config);
+            source.registerCorsConfiguration("/v1/api-docs", config);
+        }
+        return new CorsFilter(source);
+    }
 
     @Bean
     public CorsFilter corsFilter() {
@@ -94,7 +98,6 @@ public class SecurityConfig {
                 .csrf(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers(mvc.pattern(HttpMethod.POST, "/v1/user/login")).permitAll()
-                        .requestMatchers(mvc.pattern(HttpMethod.POST, "/v1/user")).permitAll()
                         .requestMatchers("/swagger-ui/**").permitAll()
                         .requestMatchers("/v1/api-docs/**").permitAll()
                         .anyRequest().authenticated()