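/**
 * Spring Security configuration for a stateless, bearer-token (JWT) protected API.
 *
 * <p>Everything not explicitly listed as public in {@link #filterChain(HttpSecurity)}
 * requires an authenticated request. Authentication itself is performed by
 * {@link JwtAuthenticationFilter}; no HTTP session is ever created.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    /** Verifies/parses bearer tokens; handed to the {@link JwtAuthenticationFilter}. */
    private final JwtUtil jwtUtil;

    /** Explicit CORS policy so the filter chain does not depend on bean-name lookup. */
    private final CorsConfigurationSource corsConfigurationSource;

    /**
     * @param jwtUtil                 token utility used by the JWT filter
     * @param corsConfigurationSource CORS policy applied by the CORS filter
     */
    public SecurityConfig(JwtUtil jwtUtil, CorsConfigurationSource corsConfigurationSource) {
        this.jwtUtil = jwtUtil;
        this.corsConfigurationSource = corsConfigurationSource;
    }

    /**
     * Builds the single security filter chain.
     *
     * @param http the {@link HttpSecurity} builder supplied by Spring
     * @return the configured filter chain
     * @throws Exception propagated from {@link HttpSecurity#build()}
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // CSRF protection is only safe to drop because the API is STATELESS (below)
            // and authentication is carried in a bearer header, which browsers do not
            // attach automatically. NOTE(review): if the JWT is ever read from a cookie
            // by JwtAuthenticationFilter, CSRF must be re-enabled — confirm with the filter.
            .csrf(csrf -> csrf.disable())
            // Use the injected policy explicitly instead of relying on withDefaults()'s
            // context lookup, so the policy in force is the one this class was given.
            .cors(cors -> cors.configurationSource(corsConfigurationSource))
            .authorizeHttpRequests(authz -> authz
                .requestMatchers(
                    "/v1/auth/**",
                    "/v1/card-bin-mapping/getByBin",
                    // NOTE(review): an upload endpoint reachable without authentication;
                    // confirm this is intended and that the handler validates/limits input.
                    "/v1/card-bin-mapping/uploadCardBinMapping",
                    "/swagger-ui.html", "/swagger-ui/**",
                    "/api-docs/**", "/swagger-resources/**", "/webjars/**")
                .permitAll()
                .anyRequest().authenticated())
            .headers(headers -> headers
                // defaultsDisabled() removes every default writer, so each protection
                // we still want has to be re-registered explicitly below.
                .defaultsDisabled()
                // Re-enable the defaults that were lost: MIME-sniffing protection,
                // clickjacking protection and no-store caching of authenticated responses.
                .contentTypeOptions(Customizer.withDefaults())
                .frameOptions(frame -> frame.deny())
                .cacheControl(Customizer.withDefaults())
                .addHeaderWriter(new StaticHeadersWriter("Content-Security-Policy", "default-src 'self';"))
                // Expect-CT is no longer honoured by current browsers; kept for compatibility
                // with existing clients/scanners, harmless to send.
                .addHeaderWriter(new StaticHeadersWriter("Expect-CT", "max-age=3600, enforce"))
                // One year, subdomains included, eligible for the preload list.
                .httpStrictTransportSecurity(
                    hsts -> hsts.includeSubDomains(true).maxAgeInSeconds(31536000).preload(true))
                .addHeaderWriter(new StaticHeadersWriter("Referrer-Policy", "strict-origin-when-cross-origin"))
                .addHeaderWriter(new StaticHeadersWriter("Permissions-Policy",
                    "geolocation=(), microphone=(), camera=(), interest-cohort=()")))
            // No server-side session: every request must carry its own credentials.
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Both filters are anchored before the same built-in filter; their relative
            // order follows registration order here (HiddenRequestFilter first).
            .addFilterBefore(new HiddenRequestFilter(), UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(new JwtAuthenticationFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}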