From 8e20b100ebef3203a20a37d73ad1c088527f41a9 Mon Sep 17 00:00:00 2001
From: mukeshs
Date: Fri, 10 Oct 2025 11:08:41 +0530
Subject: [PATCH] Image error solve update
---
 .../backend/config/SecurityConfig.java | 49 +++++++++----------
 1 file changed, 23 insertions(+), 26 deletions(-)
diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
index 7c5b4e7..c1a808f 100644
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
@@ -7,6 +7,7 @@ import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthenticati
 import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthorizationFilter;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@@ -17,9 +18,11 @@ import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; -import org.springframework.web.servlet.config.annotation.CorsRegistry; -import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; +import java.util.Arrays; import java.util.List; import static org.springframework.http.HttpMethod.*; @@ -27,6 +30,7 @@ import static org.springframework.http.HttpMethod.*; @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) @RequiredArgsConstructor +@Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { private final JwtAuthorizationFilter jwtAuthorizationFilter; @@ -38,11 +42,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Value("${app.public-urls}") private String[] publicUrls; + @Value("${app.cors.allowed-origins}") + private String[] allowedOrigins; + @Override protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable(); + // ✅ Enable Spring Security CORS support http.cors(); http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); @@ -60,9 +67,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth - .userDetailsService(userDetailsService) - .passwordEncoder(passwordEncoder); + auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder); } @Bean 
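Review bot: In the `configure(HttpSecurity http)` hunk (`@@ -38,11 +42,14 @@`) the line `http.csrf().disable();` appears to sit on the removed side, which would leave Spring Security's default CSRF filter active on an API that sets `SessionCreationPolicy.STATELESS`; the collapsed layout makes the marker ambiguous, so confirm this against the applied file. If the removal is real, state-changing requests that carry no CSRF token are rejected by default, and nothing in the visible hunks adds a token repository to supply one. Make the decision explicit either way: keep `http.csrf().disable();` with a comment such as `// CSRF off: the credential is a JWT sent in a request header, never a cookie` (presumably the case given `JWT_TOKEN_HEADER`), or configure a CSRF token repository if any credential travels in a cookie. The body of `configure` continues outside the hunk.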
@@ -71,28 +76,20 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { return super.authenticationManagerBean(); } + // ✅ This is the correct, Security-compatible CORS configuration @Bean - public WebMvcConfigurer corsConfigurer(@Value("${app.cors.allowed-origins}") String[] allowedOrigins) { - return new WebMvcConfigurer() { - @Override - public void addCorsMappings(CorsRegistry registry) { - registry.addMapping("/user/login") - .allowedOrigins(allowedOrigins) - .exposedHeaders(SecurityConstants.JWT_TOKEN_HEADER); + public CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration config = new CorsConfiguration(); + config.setAllowedOrigins(Arrays.asList(allowedOrigins)); + config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS")); + config.setAllowedHeaders(Arrays.asList("*")); + config.setExposedHeaders(Arrays.asList(SecurityConstants.JWT_TOKEN_HEADER)); + config.setAllowCredentials(true); + config.setMaxAge(3600L); // Cache preflight for 1 hour - String[] allowedMethods = List.of(GET, POST, PUT, DELETE, OPTIONS) // Add OPTIONS - .stream() - .map(Enum::name) - .toArray(String[]::new); - - registry.addMapping("/**") - .allowedMethods(allowedMethods) - .allowedOrigins(allowedOrigins) - .allowedHeaders("*") // Add this - .allowCredentials(true) // Add this - .maxAge(3600); // Add this - } - }; + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", config); + return source; } }
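Review bot: `corsConfigurationSource()` turns on `setAllowCredentials(true)` for `/**` while taking the origin list straight from `app.cors.allowed-origins`, and nothing checks what that property holds. Depending on the Spring version, a `*` entry is either rejected only when the first cross-origin request arrives or answered by echoing the caller's origin, so the bean should refuse a wildcard, blank or empty list at startup. The commit also widens exposure of `SecurityConstants.JWT_TOKEN_HEADER` from `/user/login` to every path and keeps `setAllowedHeaders(Arrays.asList("*"))`; both could be narrowed if the client does not need them. The startup check is sketched below.

```java
public CorsConfigurationSource corsConfigurationSource() {
    // Credentialed CORS needs explicit origins: fail at startup on a wildcard, blank or empty list.
    List<String> origins = Arrays.asList(allowedOrigins);
    boolean unsafe = origins.isEmpty()
            || origins.stream().anyMatch(o -> o == null || o.trim().isEmpty() || o.contains("*"));
    if (unsafe) {
        throw new IllegalStateException(
                "app.cors.allowed-origins must list explicit origins when credentials are allowed");
    }
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowedOrigins(origins);
    // … unchanged: methods, headers, exposed headers, credentials, max age, source registration …
```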