src/main/java/com/example/myproject/config/SecurityConfig.java - echo-backend - Gitiles

 package com.example.myproject.config;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;

 @EnableWebSecurity    //注解开启Spring Security的功能
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

     @Bean
     public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
         return authenticationConfiguration.getAuthenticationManager();
     }
     @Bean
     public PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();//passwordEncoder的实现类
     }

     //构造一个内存框架对象，获取数据库中的数据
 /*    @Bean
     public UserDetailsService myUserDetailsService(){
         return new TestUserServerImpl();
     }*/
     //也可以自动注入

     //用户授权


     //用户权限认证
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
                 .csrf().disable() // 禁用 CSRF 保护
                 .authorizeRequests()
                 .antMatchers("/swagger-ui.html", "/webjars/**", "/v2/**", "/swagger-resources/**","/**").permitAll() // 允许无条件访问
                 .anyRequest().authenticated(); // 其他所有路径都需要身份验证
     }


     /**
      * 核心过滤器配置，更多使用ignoring()用来忽略对静态资源的控制
      */
     @Override
     public void configure(WebSecurity web) throws Exception {
         web
                 .ignoring()
                 .antMatchers("/image/**");
     }
 }
	package com.example.myproject.config;

	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.context.annotation.Bean;
	import org.springframework.security.authentication.AuthenticationManager;
	import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
	import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
	import org.springframework.security.config.annotation.web.builders.HttpSecurity;
	import org.springframework.security.config.annotation.web.builders.WebSecurity;
	import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
	import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
	import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
	import org.springframework.security.crypto.password.PasswordEncoder;

	@EnableWebSecurity //注解开启Spring Security的功能
	public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Bean
	public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
	return authenticationConfiguration.getAuthenticationManager();
	}
	@Bean
	public PasswordEncoder passwordEncoder() {
	return new BCryptPasswordEncoder();//passwordEncoder的实现类
	}

	//构造一个内存框架对象，获取数据库中的数据
	/* @Bean
	public UserDetailsService myUserDetailsService(){
	return new TestUserServerImpl();
	}*/
	//也可以自动注入

	//用户授权


	//用户权限认证
	@Override
	protected void configure(HttpSecurity http) throws Exception {
	http
	.csrf().disable() // 禁用 CSRF 保护
	.authorizeRequests()
	.antMatchers("/swagger-ui.html", "/webjars/", "/v2/", "/swagger-resources/","/").permitAll() // 允许无条件访问
	.anyRequest().authenticated(); // 其他所有路径都需要身份验证
	}


	/**
	* 核心过滤器配置，更多使用ignoring()用来忽略对静态资源的控制
	*/
	@Override
	public void configure(WebSecurity web) throws Exception {
	web
	.ignoring()
	.antMatchers("/image/**");
	}
	}