@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http, HandlerMappingIntrospector introspector) throws Exception {
MvcRequestMatcher.Builder mvcRequestMatcher = new MvcRequestMatcher.Builder(introspector);
http.csrf(csrf -> csrf
.ignoringRequestMatchers(toH2Console()).disable())
.authorizeHttpRequests(auth -> auth
.requestMatchers(toH2Console()).permitAll()
.requestMatchers(mvcRequestMatcher.pattern("/api/**")).permitAll()
.anyRequest().authenticated()
);
http.headers(headers -> headers.frameOptions((frameOptions) -> frameOptions.disable()));
http.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
return http.build();
}
