Merge pull request #28 from stevensblueprint/fix/security_config

Spring boot Profile security

src/main/java/com/sarapis/orservice/config/SecurityConfig.java

@@ -2,6 +2,7 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -11,11 +12,22 @@
 @EnableWebSecurity
 public class SecurityConfig {
   @Bean
-  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+  @Profile("prod")
+  public SecurityFilterChain prodSecurityFilterChain(HttpSecurity http) throws Exception {
     return http.authorizeHttpRequests(authorize ->
             authorize
                 .requestMatchers("/actuator/**").permitAll()
+                .requestMatchers("/").permitAll()
                 .anyRequest().authenticated())
         .csrf(AbstractHttpConfigurer::disable).build();
   }
+
+  @Bean
+  @Profile("dev")
+  public SecurityFilterChain devSecurityFilterChain(HttpSecurity http) throws Exception {
+    return http.authorizeHttpRequests(authorize ->
+        authorize
+            .requestMatchers("/**").permitAll()
+    ).build();
+  }
 }