commit cf6dba2c467b27bb38074104632cc6831cb9de98
author 22301115 <22301115@bjtu.edu.cn> Tue Mar 25 19:06:21 2025 +0800
committer YelinCui <22301115@bjtu.edu.cn> Tue Apr 15 18:47:10 2025 +0800
tree 3e10dc777c07f4e605338ee7b2e31cc84e7f3140
parent 0e215e50c116ebc0262d3d399078ab9e9137a8d0

Initial empty repository

Change-Id: Ie0685414be5495d9da50d659d9ec16ae51487e46

src/main/java/com/example/myproject/config/SecurityConfig.java

diff --git a/src/main/java/com/example/myproject/config/SecurityConfig.java b/src/main/java/com/example/myproject/config/SecurityConfig.java
new file mode 100644
index 0000000..05cba5d
--- /dev/null
+++ b/src/main/java/com/example/myproject/config/SecurityConfig.java
@@ -0,0 +1,57 @@
+package com.example.myproject.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@EnableWebSecurity    //注解开启Spring Security的功能
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
+        return authenticationConfiguration.getAuthenticationManager();
+    }
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();//passwordEncoder的实现类
+    }
+
+    //构造一个内存框架对象，获取数据库中的数据
+/*    @Bean
+    public UserDetailsService myUserDetailsService(){
+        return new TestUserServerImpl();
+    }*/
+    //也可以自动注入
+
+    //用户授权
+
+
+    //用户权限认证
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+                .csrf().disable() // 禁用 CSRF 保护
+                .authorizeRequests()
+                .antMatchers("/swagger-ui.html", "/webjars/**", "/v2/**", "/swagger-resources/**","/**").permitAll() // 允许无条件访问
+                .anyRequest().authenticated(); // 其他所有路径都需要身份验证
+    }
+
+
+    /**
+     * 核心过滤器配置，更多使用ignoring()用来忽略对静态资源的控制
+     */
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web
+                .ignoring()
+                .antMatchers("/image/**");
+    }
+}