Gitiles
Code Review Sign In
gerrit.lilingkun.com / echo-backend / cf6dba2c467b27bb38074104632cc6831cb9de98^! / . / src / main / java / com / example / myproject / config
commitcf6dba2c467b27bb38074104632cc6831cb9de98[log] [tgz]
author22301115 <22301115@bjtu.edu.cn>Tue Mar 25 19:06:21 2025 +0800
committerYelinCui <22301115@bjtu.edu.cn>Tue Apr 15 18:47:10 2025 +0800
tree3e10dc777c07f4e605338ee7b2e31cc84e7f3140
parent0e215e50c116ebc0262d3d399078ab9e9137a8d0 [diff]
Initial empty repository

Change-Id: Ie0685414be5495d9da50d659d9ec16ae51487e46

diff --git a/src/main/java/com/example/myproject/config/GlobalCorsConfig.java b/src/main/java/com/example/myproject/config/GlobalCorsConfig.java
new file mode 100644
index 0000000..909ead8
--- /dev/null
+++ b/src/main/java/com/example/myproject/config/GlobalCorsConfig.java

@@ -0,0 +1,32 @@
+package com.example.myproject.config;
+
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@EnableWebMvc
+@Configuration
+public class GlobalCorsConfig  {
+    @Bean
+    public WebMvcConfigurer corsConfigurer() {
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings(CorsRegistry registry) {
+                registry.addMapping("/**")    //添加映射路径,“/**”表示对所有的路径实行全局跨域访问权限的设置
+                        .allowedOriginPatterns("*")    //开放哪些ip、端口、域名的访问权限 SpringBoot2.4.0以后allowedOrigins被allowedOriginPatterns代替
+                        .allowCredentials(true)  //是否允许发送Cookie信息
+                        .allowedMethods("GET", "POST", "PUT", "DELETE")     //开放哪些Http方法,允许跨域访问
+                        .allowedHeaders("*")     //允许HTTP请求中的携带哪些Header信息
+                        .exposedHeaders("*");   //暴露哪些头部信息(因为跨域访问默认不能获取全部头部信息)
+            }
+        };
+    }
+
+
+
+
+}

diff --git a/src/main/java/com/example/myproject/config/SecurityConfig.java b/src/main/java/com/example/myproject/config/SecurityConfig.java
new file mode 100644
index 0000000..05cba5d
--- /dev/null
+++ b/src/main/java/com/example/myproject/config/SecurityConfig.java

@@ -0,0 +1,57 @@
+package com.example.myproject.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@EnableWebSecurity    //注解开启Spring Security的功能
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
+        return authenticationConfiguration.getAuthenticationManager();
+    }
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();//passwordEncoder的实现类
+    }
+
+    //构造一个内存框架对象,获取数据库中的数据
+/*    @Bean
+    public UserDetailsService myUserDetailsService(){
+        return new TestUserServerImpl();
+    }*/
+    //也可以自动注入
+
+    //用户授权
+
+
+    //用户权限认证
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+                .csrf().disable() // 禁用 CSRF 保护
+                .authorizeRequests()
+                .antMatchers("/swagger-ui.html", "/webjars/**", "/v2/**", "/swagger-resources/**","/**").permitAll() // 允许无条件访问
+                .anyRequest().authenticated(); // 其他所有路径都需要身份验证
+    }
+
+
+    /**
+     * 核心过滤器配置,更多使用ignoring()用来忽略对静态资源的控制
+     */
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web
+                .ignoring()
+                .antMatchers("/image/**");
+    }
+}