From e0368c1eec9009d7f01ac4c50c9fcb0f7263eb9f Mon Sep 17 00:00:00 2001
From: EgorSivenko
Date: Thu, 18 Apr 2024 12:24:10 +0300
Subject: [PATCH 1/2] Updated a base URL path for link controller endpoints
---
 .../com/linkurlshorter/urlshortener/link/LinkController.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/linkurlshorter/urlshortener/link/LinkController.java b/src/main/java/com/linkurlshorter/urlshortener/link/LinkController.java
index 51f0acc..a915c86 100644
--- a/src/main/java/com/linkurlshorter/urlshortener/link/LinkController.java
+++ b/src/main/java/com/linkurlshorter/urlshortener/link/LinkController.java
@@ -25,7 +25,7 @@
 */
 @RestController
 @RequiredArgsConstructor
-@RequestMapping("/link")
+@RequestMapping("/api/V1/link")
 public class LinkController {
 private static final int SHORT_LINK_LIFETIME_IN_DAYS = 30;
 private static final String OPERATION_FORBIDDEN_MSG = "Operation forbidden!";
From 9c016b41c45bcff58f34418adf4fed61b1120cd2 Mon Sep 17 00:00:00 2001
From: EgorSivenko
Date: Thu, 18 Apr 2024 12:26:35 +0300
Subject: [PATCH 2/2] Improved the security configuration for all existing endpoints
---
 .../urlshortener/security/SecurityConfig.java | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/linkurlshorter/urlshortener/security/SecurityConfig.java b/src/main/java/com/linkurlshorter/urlshortener/security/SecurityConfig.java
index 46a86a6..3bdddbc 100644
--- a/src/main/java/com/linkurlshorter/urlshortener/security/SecurityConfig.java
+++ b/src/main/java/com/linkurlshorter/urlshortener/security/SecurityConfig.java
@@ -4,6 +4,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -52,9 +53,11 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 return http
 .csrf(AbstractHttpConfigurer::disable)
 .authorizeHttpRequests(auth -> auth
- .requestMatchers("/api/V1/auth/**").permitAll()
- .requestMatchers("/api/V1/user/**").authenticated()
- .anyRequest().permitAll()
+ .requestMatchers(HttpMethod.POST, "/api/V1/auth/**").permitAll()
+ .requestMatchers(HttpMethod.POST, "/api/V1/user/**").authenticated()
+ .requestMatchers(HttpMethod.GET, "/*").permitAll()
+ .requestMatchers("/api/V1/link/**").authenticated()
+ .anyRequest().denyAll()
 )
 .userDetailsService(customUserDetailsService)
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
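Review bot: The `.requestMatchers(HttpMethod.GET, "/*").permitAll()` rule in the `filterChain` hunk opens every single-segment GET path, not only the short-link redirect it presumably serves, so any root-level endpoint added later (a docs page, a management endpoint) becomes public without a change to this file. If short links have a fixed shape, consider matching that shape instead of `/*`, and add a comment such as `// public: short-link redirect only` above the rule so the intent is visible. Restricting `/api/V1/auth/**` and `/api/V1/user/**` to POST means every other method on those paths now falls through to `denyAll()`; that fails closed, but confirm no user endpoint relies on GET, PUT or DELETE. The body of `filterChain` continues outside the hunk.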