Merge remote-tracking branch 'origin/main'

Andres2204 · Andres2204 · commit 9f975e145eac · 2025-10-19T19:36:48.000-05:00
diff --git a/src/main/java/smartpot/com/api/Security/Config/SecurityConfiguration.java b/src/main/java/smartpot/com/api/Security/Config/SecurityConfiguration.java
@@ -58,14 +58,17 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSec) throws Exce
         }
 
         return httpSec
-                .csrf(Customizer.withDefaults()) // Enable CSRF protection
-                .cors(cors -> cors.configurationSource(corsConfig))
-                .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
-                    authorizationManagerRequestMatcherRegistry.requestMatchers(publicRoutesList.toArray(new String[0])).permitAll();
-                    authorizationManagerRequestMatcherRegistry.anyRequest().authenticated();
+                .csrf(csrf -> csrf.disable()) // ← Deshabilitar CSRF para APIs REST
+                .cors(cors -> cors.configurationSource(corsConfig)) // ✅ Ya está bien
+                .authorizeHttpRequests(auth -> {
+                    auth.requestMatchers(publicRoutesList.toArray(new String[0])).permitAll();
+                    auth.anyRequest().authenticated();
                 })
-                .httpBasic(Customizer.withDefaults())
-                .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .httpBasic(httpBasic -> httpBasic.disable()) // ← Deshabilitar HTTP Basic
+                .formLogin(formLogin -> formLogin.disable())  // ← Deshabilitar form login
+                .sessionManagement(session ->
+                        session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                )
                 .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
                 .build();
     }
