| wuchimedes | 079c163 | 2025-04-02 22:01:20 +0800 | [diff] [blame] | 1 | package com.example.g8backend.config; |
| 2 | |
| 夜雨声烦 | 451d71c | 2025-05-20 00:58:36 +0800 | [diff] [blame] | 3 | import com.example.g8backend.filter.JwtAuthenticationFilter; |
| wuchimedes | 079c163 | 2025-04-02 22:01:20 +0800 | [diff] [blame] | 4 | import org.springframework.context.annotation.Bean; |
| 5 | import org.springframework.context.annotation.Configuration; |
| wuchimedes | 223bfab | 2025-04-04 17:16:05 +0800 | [diff] [blame] | 6 | import org.springframework.security.authentication.AuthenticationManager; |
| 7 | import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; |
| 8 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
| 夜雨声烦 | 451d71c | 2025-05-20 00:58:36 +0800 | [diff] [blame] | 9 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; |
| wuchimedes | 223bfab | 2025-04-04 17:16:05 +0800 | [diff] [blame] | 10 | import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; |
| wuchimedes | 079c163 | 2025-04-02 22:01:20 +0800 | [diff] [blame] | 11 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; |
| wuchimedes | 223bfab | 2025-04-04 17:16:05 +0800 | [diff] [blame] | 12 | import org.springframework.security.web.SecurityFilterChain; |
| 13 | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
| wuchimedes | b4fbcdf | 2025-06-06 20:08:27 +0800 | [diff] [blame] | 14 | import org.springframework.web.cors.CorsConfiguration; |
| 15 | import org.springframework.web.cors.CorsConfigurationSource; |
| 16 | import org.springframework.web.cors.UrlBasedCorsConfigurationSource; |
| 17 | |
| 18 | import java.util.List; |
| wuchimedes | 079c163 | 2025-04-02 22:01:20 +0800 | [diff] [blame] | 19 | |
| wuchimedes | 079c163 | 2025-04-02 22:01:20 +0800 | [diff] [blame] | 20 | @Configuration |
| wuchimedes | 223bfab | 2025-04-04 17:16:05 +0800 | [diff] [blame] | 21 | @EnableWebSecurity |
| wuchimedes | 079c163 | 2025-04-02 22:01:20 +0800 | [diff] [blame] | 22 | public class SecurityConfig { |
| wuchimedes | 223bfab | 2025-04-04 17:16:05 +0800 | [diff] [blame] | 23 | private final JwtAuthenticationFilter jwtAuthenticationFilter; |
| 24 | |
| 25 | public SecurityConfig(JwtAuthenticationFilter jwtAuthenticationFilter) { |
| 26 | this.jwtAuthenticationFilter = jwtAuthenticationFilter; |
| 27 | } |
| 28 | |
| 29 | @Bean |
| 夜雨声烦 | 451d71c | 2025-05-20 00:58:36 +0800 | [diff] [blame] | 30 | public BCryptPasswordEncoder passwordEncoder() { |
| 31 | return new BCryptPasswordEncoder(); |
| 32 | } |
| 33 | |
| 34 | @Bean |
| wuchimedes | 223bfab | 2025-04-04 17:16:05 +0800 | [diff] [blame] | 35 | public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { |
| 36 | return http |
| 夜雨声烦 | 451d71c | 2025-05-20 00:58:36 +0800 | [diff] [blame] | 37 | .csrf(AbstractHttpConfigurer::disable) |
| wuchimedes | b4fbcdf | 2025-06-06 20:08:27 +0800 | [diff] [blame] | 38 | .cors() |
| 39 | .and() |
| 夜雨声烦 | 451d71c | 2025-05-20 00:58:36 +0800 | [diff] [blame] | 40 | .authorizeHttpRequests(auth -> auth |
| 夜雨声烦 | 451d71c | 2025-05-20 00:58:36 +0800 | [diff] [blame] | 41 | .requestMatchers("/admin/**").hasRole("ADMIN") |
| 夜雨声烦 | 451d71c | 2025-05-20 00:58:36 +0800 | [diff] [blame] | 42 | .requestMatchers("/user/signin").authenticated() |
| 夜雨声烦 | 451d71c | 2025-05-20 00:58:36 +0800 | [diff] [blame] | 43 | .anyRequest().permitAll() |
| 44 | ) |
| 45 | .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) |
| 46 | .build(); |
| wuchimedes | 223bfab | 2025-04-04 17:16:05 +0800 | [diff] [blame] | 47 | } |
| 48 | |
| 49 | @Bean |
| wuchimedes | b4fbcdf | 2025-06-06 20:08:27 +0800 | [diff] [blame] | 50 | public CorsConfigurationSource corsConfigurationSource() { |
| 51 | CorsConfiguration config = new CorsConfiguration(); |
| 52 | config.setAllowCredentials(true); |
| 53 | config.setAllowedOriginPatterns(List.of("http://localhost:8081")); // ✅ 尽量具体写域名 |
| 54 | config.setAllowedHeaders(List.of("*")); |
| 55 | config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS")); |
| 56 | |
| 57 | UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); |
| 58 | source.registerCorsConfiguration("/**", config); |
| 59 | return source; |
| 60 | } |
| 61 | |
| 62 | @Bean |
| wuchimedes | 223bfab | 2025-04-04 17:16:05 +0800 | [diff] [blame] | 63 | public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception { |
| 64 | return config.getAuthenticationManager(); |
| 65 | } |
| 夜雨声烦 | 451d71c | 2025-05-20 00:58:36 +0800 | [diff] [blame] | 66 | } |