AKAxedx/gc-plan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f95aa1872432e6f86a506d640183b0880c2941a5
gc-plan/week5/src/main/java/com/learn/config/SecurityConfig.java
akaxedx f95aa18724 Week 1-8: Spring Boot 学习计划完整项目 
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-29 23:45:17 +08:00

67 lines
2.9 KiB
Java
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
package com.learn.config;
import com.learn.security.JwtAuthFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
* Spring Security 配置(第 1-3 天)
*
* 核心设计:
* 1. 无状态会话JWT不依赖 Cookie/Session
* 2. 自定义 JWT 过滤器在 UsernamePasswordAuthenticationFilter 之前执行
* 3. RBACADMIN 可增删改USER 只能查
* 4. 公开 /api/auth/** 和 Actuator 端点
*/
@Configuration
@EnableWebSecurity
@EnableMethodSecurity // 开启方法级安全注解(第 3 天)
public class SecurityConfig {
private final JwtAuthFilter jwtAuthFilter;
public SecurityConfig(JwtAuthFilter jwtAuthFilter) {
this.jwtAuthFilter = jwtAuthFilter;
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf(csrf -> csrf.disable()) // 前后端分离,禁用 CSRF
.sessionManagement(sm -> sm
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // 无状态
.authorizeHttpRequests(auth -> auth
// 公开接口
.requestMatchers("/api/auth/**").permitAll()
.requestMatchers("/actuator/**").permitAll()
.requestMatchers("/", "/index.html", "/css/**", "/js/**").permitAll()
// 查询USER 及以上
.requestMatchers(HttpMethod.GET, "/api/students/**").hasAnyRole("ADMIN", "USER")
// 增删改:仅 ADMIN第 3 天 RBAC
.requestMatchers(HttpMethod.POST, "/api/students/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.PUT, "/api/students/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.DELETE, "/api/students/**").hasRole("ADMIN")
// 其他请求需认证
.anyRequest().authenticated()
)
// 在用户名密码过滤器之前插入 JWT 过滤器
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(); // BCrypt 加密,不可逆
}
}
Reference in New Issue View Git Blame Copy Permalink