openvidu-server: update SecurityConfig.java to be reused

openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java

@@ -49,10 +49,31 @@ public class SecurityConfig {
 
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+		// Configure CORS and CSRF
+		configureHttpSecurity(http);
 		
+		// Configure authorization rules
+		configureAuthorization(http);
+		
+		// Configure HTTP Basic authentication
+		http.httpBasic(httpBasic -> {});
+
+		return http.build();
+	}
+
+	/**
+	 * Configure CORS and CSRF settings. Can be overridden by subclasses.
+	 */
+	protected void configureHttpSecurity(HttpSecurity http) throws Exception {
 		http.cors(cors -> cors.disable())
-			.csrf(csrf -> csrf.disable())
+			.csrf(csrf -> csrf.disable());
-			.authorizeHttpRequests(auth -> {
+	}
+
+	/**
+	 * Configure authorization rules for CE. Can be extended by PRO subclass.
+	 */
+	protected void configureAuthorization(HttpSecurity http) throws Exception {
+		http.authorizeHttpRequests(auth -> {
 			auth.requestMatchers(HttpMethod.GET, RequestMappings.API + "/config/openvidu-publicurl").permitAll()
 				.requestMatchers(HttpMethod.GET, RequestMappings.ACCEPT_CERTIFICATE).permitAll()
 				.requestMatchers("/openvidu/**").permitAll()  // Allow WebSocket connections
@@ -67,10 +88,7 @@ public class SecurityConfig {
 			} else {
 				auth.requestMatchers(HttpMethod.GET, RequestMappings.RECORDINGS + "/**").hasRole("ADMIN");
 			}
-			})
+		});
-			.httpBasic(httpBasic -> {});
-
-		return http.build();
 	}
 
 	@Bean