package ru.digitalbanana.demoresourceserver.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      http.cors()
          .and()
            .authorizeRequests()
              .antMatchers(HttpMethod.GET, "/userinfo", "/user/**")
                .authenticated()
                // .hasAuthority("SCOPE_web-api")
              .anyRequest()
                .authenticated()
          .and()
            .oauth2ResourceServer()
              .jwt();
    }
}