From 279f025432f35c0b40965812e0435716ddfeef3c Mon Sep 17 00:00:00 2001
From: mukeshs <mukesh@rootxwire.com>
Date: Fri, 10 Oct 2025 11:33:53 +0530
Subject: [PATCH] Image error solve update

---
 .../backend/config/SecurityConfig.java         | 10 +++-------
 .../backend/config/WebConfig.java              | 18 +++---------------
 2 files changed, 6 insertions(+), 22 deletions(-)

diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
index c1a808f..c8ed55e 100644
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
@@ -23,9 +23,8 @@ import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import java.util.Arrays;
-import java.util.List;
 
-import static org.springframework.http.HttpMethod.*;
+import static org.springframework.http.HttpMethod.POST;
 
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
@@ -48,14 +47,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.csrf().disable();
-
-        // ✅ Enable Spring Security CORS support
         http.cors();
 
         http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 
         http.authorizeRequests()
                 .antMatchers(publicUrls).permitAll()
+                .antMatchers(POST, "/api/files/upload").permitAll() // Allow file uploads
                 .anyRequest().authenticated();
 
         http.exceptionHandling()
@@ -76,7 +74,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         return super.authenticationManagerBean();
     }
 
-    // ✅ This is the correct, Security-compatible CORS configuration
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration config = new CorsConfiguration();
@@ -85,11 +82,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         config.setAllowedHeaders(Arrays.asList("*"));
         config.setExposedHeaders(Arrays.asList(SecurityConstants.JWT_TOKEN_HEADER));
         config.setAllowCredentials(true);
-        config.setMaxAge(3600L); // Cache preflight for 1 hour
+        config.setMaxAge(3600L); // 1 hour
 
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", config);
         return source;
     }
-
 }
diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/WebConfig.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/WebConfig.java
index 32d4f36..52eac69 100644
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/WebConfig.java
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/WebConfig.java
@@ -2,7 +2,6 @@ package net.shyshkin.study.fullstack.supportportal.backend.config;
 
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
@@ -14,28 +13,17 @@ public class WebConfig implements WebMvcConfigurer {
     @Value("${file.upload.directory}")
     private String uploadDirectory;
 
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOrigins(
-                        "https://cmcadminfrontend.rootxwire.com",
-                        "https://maincmc.rootxwire.com",
-                        "http://localhost:4200"
-                )
-                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
-                .allowedHeaders("*")
-                .allowCredentials(true);
-    }
-
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
+        // Ensure the path ends with a separator
         String uploadPath = uploadDirectory;
         if (!uploadPath.endsWith(File.separator)) {
             uploadPath += File.separator;
         }
 
+        // Serve uploaded files under /uploads/**
         registry.addResourceHandler("/uploads/**")
                 .addResourceLocations("file:" + uploadPath)
-                .setCachePeriod(3600);
+                .setCachePeriod(3600); // Cache for 1 hour
     }
 }