Adjusts on module authenticatior

auth-service-api/build.gradle

@@ -1,6 +1,6 @@
 plugins {
 	id 'java'
-	id 'org.springframework.boot' version '3.5.8'
+	id 'org.springframework.boot' version '3.3.5'
 	id 'io.spring.dependency-management' version '1.1.7'
 	id 'org.graalvm.buildtools.native' version '0.10.6'
 }

auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/configs/SecurityConfig.java

@@ -0,0 +1,48 @@
+package br.com.rayankonecny.authserviceapi.configs;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@Configuration
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+
+        http
+            .authorizeHttpRequests(auth -> auth
+                // AUTH
+                .requestMatchers("/auth/login").permitAll()
+
+                // SWAGGER / OPENAPI
+                .requestMatchers(
+                    "/v3/api-docs/**",
+                    "/swagger-ui/**",
+                    "/swagger-ui.html",
+                    "/swagger-ui/index.html"
+                ).permitAll()
+
+                // TODO o resto protegido
+                .anyRequest().authenticated()
+            )
+
+            // API pura → sem Basic
+            .httpBasic(httpBasic -> httpBasic.disable())
+
+            // Stateless (JWT)
+            .csrf(csrf -> csrf.disable())
+
+            // Sem sessão
+            .sessionManagement(session ->
+                session.sessionCreationPolicy(
+                    org.springframework.security.config.http.SessionCreationPolicy.STATELESS
+                )
+            );
+
+        return http.build();
+    }
+}

auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/controllers/exceptions/ControllerExceptionHandler.java

@@ -11,7 +11,6 @@ import org.springframework.web.bind.annotation.ExceptionHandler;
 import jakarta.servlet.http.HttpServletRequest;
 
 import br.com.rayankonecny.hdcommoslib.models.exceptions.ValidationException;
-import br.com.rayankonecny.hdcommoslib.models.exceptions.ResourceNotFoundException;
 import br.com.rayankonecny.hdcommoslib.models.exceptions.StandardError;
 
 import static java.time.LocalDateTime.now;
@@ -24,20 +23,30 @@ import java.util.ArrayList;
 public class ControllerExceptionHandler {
 
   @ExceptionHandler(UsernameNotFoundException.class)
-  ResponseEntity<StandardError> handleNotFoundException(final ResourceNotFoundException ex,
+  ResponseEntity<StandardError> handleNotFoundException(final UsernameNotFoundException ex, final HttpServletRequest request) {
-      final HttpServletRequest request) {
+
     return ResponseEntity.status(NOT_FOUND).body(
 
-        StandardError.builder().timestamp(now()).status(NOT_FOUND.value()).error(NOT_FOUND.getReasonPhrase())
+        StandardError.builder()
-            .message(ex.getMessage()).path(request.getRequestURI()).build());
+                    .timestamp(now())
+                    .status(NOT_FOUND.value())
+                    .error(NOT_FOUND.getReasonPhrase())
+                    .message(ex.getMessage())
+                    .path(request.getRequestURI())
+                    .build());
   }
 
   @ExceptionHandler(MethodArgumentNotValidException.class)
-  ResponseEntity<StandardError> handleMethodArgumentNotValidException(final MethodArgumentNotValidException ex,
+  ResponseEntity<StandardError> handleMethodArgumentNotValidException(final MethodArgumentNotValidException ex, final HttpServletRequest request) {
-      final HttpServletRequest request) {
 
-    var error = ValidationException.builder().timestamp(now()).status(BAD_REQUEST.value()).error("Validation Exception")
+      var error = ValidationException.builder()
-        .message("Exception in validation attributes").path(request.getRequestURI()).errors(new ArrayList<>()).build();
+                                    .timestamp(now())
+                                    .status(BAD_REQUEST.value())
+                                    .error("Validation Exception")
+          .message("Exception in validation attributes")
+          .path(request.getRequestURI())
+          .errors(new ArrayList<>())
+          .build();
 
     for (FieldError fieldError : ex.getBindingResult().getFieldErrors()) {
       error.addError(fieldError.getField(), fieldError.getDefaultMessage());

auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/utils/JwtKeyProvider.java

@@ -1,23 +0,0 @@
-package br.com.rayankonecny.authserviceapi.utils;
-
-import io.jsonwebtoken.security.Keys;
-
-import javax.crypto.SecretKey;
-import java.util.Base64;
-
-public final class JwtKeyProvider {
-
-  // 🔥 REGRA DE OURO:
-  // Isso NÃO deve ficar hardcoded em produção.
-  // Use ENV VAR, Vault, Kubernetes Secret, etc.
-  private static final String BASE64_SECRET = "c3VwZXItc2VndXJhLWNoYXZlLWp3dC1jb20tMzItYnl0ZXM=";
-
-  private JwtKeyProvider() {
-    // evita instância acidental
-  }
-
-  public static SecretKey getKey() {
-    byte[] keyBytes = Base64.getDecoder().decode(BASE64_SECRET);
-    return Keys.hmacShaKeyFor(keyBytes);
-  }
-}