Image error solve update

support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java

@@ -7,6 +7,7 @@ import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthenticati
 import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthorizationFilter;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@@ -17,9 +18,11 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
+import java.util.Arrays;
 import java.util.List;
 
 import static org.springframework.http.HttpMethod.*;
@@ -27,6 +30,7 @@ import static org.springframework.http.HttpMethod.*;
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 @RequiredArgsConstructor
+@Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
     private final JwtAuthorizationFilter jwtAuthorizationFilter;
@@ -38,11 +42,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Value("${app.public-urls}")
     private String[] publicUrls;
 
+    @Value("${app.cors.allowed-origins}")
+    private String[] allowedOrigins;
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-
         http.csrf().disable();
 
+        // ✅ Enable Spring Security CORS support
         http.cors();
 
         http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
@@ -60,9 +67,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth
+        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
-                .userDetailsService(userDetailsService)
-                .passwordEncoder(passwordEncoder);
     }
 
     @Bean
@@ -71,28 +76,20 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         return super.authenticationManagerBean();
     }
 
+    // ✅ This is the correct, Security-compatible CORS configuration
     @Bean
-    public WebMvcConfigurer corsConfigurer(@Value("${app.cors.allowed-origins}") String[] allowedOrigins) {
+    public CorsConfigurationSource corsConfigurationSource() {
-        return new WebMvcConfigurer() {
+        CorsConfiguration config = new CorsConfiguration();
-            @Override
+        config.setAllowedOrigins(Arrays.asList(allowedOrigins));
-            public void addCorsMappings(CorsRegistry registry) {
+        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
-                registry.addMapping("/user/login")
+        config.setAllowedHeaders(Arrays.asList("*"));
-                        .allowedOrigins(allowedOrigins)
+        config.setExposedHeaders(Arrays.asList(SecurityConstants.JWT_TOKEN_HEADER));
-                        .exposedHeaders(SecurityConstants.JWT_TOKEN_HEADER);
+        config.setAllowCredentials(true);
+        config.setMaxAge(3600L); // Cache preflight for 1 hour
 
-                String[] allowedMethods = List.of(GET, POST, PUT, DELETE, OPTIONS)  // Add OPTIONS
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-                        .stream()
+        source.registerCorsConfiguration("/**", config);
-                        .map(Enum::name)
+        return source;
-                        .toArray(String[]::new);
-
-                registry.addMapping("/**")
-                        .allowedMethods(allowedMethods)
-                        .allowedOrigins(allowedOrigins)
-                        .allowedHeaders("*")              // Add this
-                        .allowCredentials(true)           // Add this
-                        .maxAge(3600);                    // Add this
-            }
-        };
     }
 
 }