@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests((authz) -> authz
.requestMatchers(
new AntPathRequestMatcher("/actuator/**")
).permitAll()
.requestMatchers(
new AntPathRequestMatcher("/h2-console/**")
).permitAll()
.anyRequest().authenticated()
);
http.csrf((csrf) ->
csrf.ignoringRequestMatchers(
new AntPathRequestMatcher("/h2-console/**")
).csrfTokenRepository(
CookieCsrfTokenRepository.withHttpOnlyFalse()
)
);
http.headers((headers) -> headers
.frameOptions(
HeadersConfigurer.FrameOptionsConfig::disable
)
);
return http.build();
}