fixes

Signed-off-by: Kirill Mokevnin <[email protected]>

Author: mokevnin

src/main/java/io/hexlet/blog/config/SecurityConfig.java

@@ -12,7 +12,10 @@ public class SecurityConfig {
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        // Customize as needed; minimal chain without deprecated APIs
+        http.authorizeHttpRequests(
+                auth -> auth.requestMatchers("/", "/about", "/error", "/favicon.ico", "/css/**", "/js/**", "/images/**")
+                        .permitAll().anyRequest().authenticated())
+                .csrf(csrf -> csrf.disable());
         return http.build();
     }
 }

src/main/java/io/hexlet/blog/controller/HelloController.java

@@ -2,11 +2,16 @@
 
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.servlet.view.RedirectView;
 
 @RestController
 public class HelloController {
     @GetMapping("/about")
     public String index() {
         return "A boilerplate created by Hexlet";
     }
+    @GetMapping("/")
+    public RedirectView root() {
+        return new RedirectView("/about");
+    }
 }

src/main/resources/application.yml

@@ -2,6 +2,7 @@
 logging:
   level:
     root: WARN
+    org.springframework.boot: INFO
     org:
       zalando:
         logbook: TRACE
@@ -16,6 +17,9 @@ spring:
   output:
     ansi:
       enabled: always
+  config:
+    activate:
+      on-profile: dev
 
 sentry:
   dsn: https://[email protected]/0