From 3e252e0043ab66aa0b5813f3734e8828fa8a52f2 Mon Sep 17 00:00:00 2001 From: ikmkj <1@qq,com> Date: Sun, 12 Oct 2025 22:14:35 +0800 Subject: [PATCH] =?UTF-8?q?feat(security):=20=E5=AE=8C=E5=96=84JWT?= =?UTF-8?q?=E8=AE=A4=E8=AF=81=E4=B8=8E=E6=9D=83=E9=99=90=E6=8B=92=E7=BB=9D?= =?UTF-8?q?=E5=A4=84=E7=90=86=E9=80=BB=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 为JwtAccessDeniedHandler添加详细注释和中文错误提示- 在JwtAuthenticationEntryPoint中优化响应编码和状态码设置 - 统一使用UTF-8字符编码确保中文正确显示- 设置响应内容类型为JSON格式 - 明确设置HTTP状态码403和401对应权限问题- 添加WebConfig中静态资源处理器配置注释- 配置"/uploads/**"路径映射到服务器"uploads/"目录- 更新生肖文档结构,增加章节标题和内容调整 --- .../com/test/bijihoudaun/config/WebConfig.java | 8 ++++++++ .../config/security/JwtAccessDeniedHandler.java | 14 ++++++++++++++ .../security/JwtAuthenticationEntryPoint.java | 5 ++++- shengxiao/生肖.md | 4 +++- 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/WebConfig.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/WebConfig.java index b64ded3..d14b773 100644 --- a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/WebConfig.java +++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/WebConfig.java @@ -18,8 +18,16 @@ public class WebConfig implements WebMvcConfigurer { .maxAge(3600); // 预检请求缓存时间 } +/** + * 重写父类方法,配置静态资源处理器 + * 该方法用于配置静态资源的访问路径和实际存储位置 + * + * @param registry 资源处理器注册对象,用于注册静态资源处理器 + */ @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { + // 添加资源处理器,配置"/uploads/**"路径下的请求 + // 将这些请求映射到服务器的"uploads/"目录 registry.addResourceHandler("/uploads/**") .addResourceLocations("file:uploads/"); } diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/security/JwtAccessDeniedHandler.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/security/JwtAccessDeniedHandler.java index ca436ef..f5a0ab5 100644 
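Review bot: The new Javadoc on `addResourceHandlers` in WebConfig.java opens at column 0 (`/**` carries no indent while the method it documents is indented), and it describes the target only as the server's "uploads/" directory. `file:uploads/` is a relative location, so it presumably resolves against the process working directory at startup; the comment should say so, or the path should come from an absolute, configured value. It is also worth documenting that everything under that directory is served to clients as-is, so the upload path has to restrict file types and names. Whether `/uploads/**` requires authentication is decided in the security configuration, which is not visible in this hunk.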
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/security/JwtAccessDeniedHandler.java +++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/security/JwtAccessDeniedHandler.java @@ -20,16 +20,30 @@ import java.io.IOException; public class JwtAccessDeniedHandler implements AccessDeniedHandler { @Override + /** + * 处理访问被拒绝的方法 + * @param request HttpServletRequest对象,包含请求信息 + * @param response HttpServletResponse对象,用于构建响应 + * @param accessDeniedException 访问被拒绝异常,包含拒绝访问的详细信息 + * @throws IOException 可能发生的IO异常 + * @throws ServletException 可能发生的Servlet异常 + */ public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { + // 设置响应字符编码为UTF-8 response.setCharacterEncoding("UTF-8"); + // 设置响应内容类型为JSON response.setContentType("application/json"); + // 设置响应状态码为403(禁止访问) response.setStatus(HttpServletResponse.SC_FORBIDDEN); // 403 + // 创建并返回一个失败结果对象,提示权限不足 R result = R.fail("权限不足,无法访问此资源"); + // 创建ObjectMapper实例,用于对象与JSON之间的转换 ObjectMapper objectMapper = new ObjectMapper(); + // 将结果对象转换为JSON字符串并写入响应输出流 response.getWriter().write(objectMapper.writeValueAsString(result)); } } \ No newline at end of file diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/security/JwtAuthenticationEntryPoint.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/security/JwtAuthenticationEntryPoint.java index de782d4..3f79002 100644 --- a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/security/JwtAuthenticationEntryPoint.java +++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/security/JwtAuthenticationEntryPoint.java 
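Review bot: The Javadoc block for `handle` is inserted between `@Override` and the method signature; a doc comment belongs before the annotations, otherwise documentation tooling may not attach it to the method. The order should be `/** … */`, then `@Override`, then `public void handle(...)`. Most of the added line comments restate the call they precede (the one above `setStatus` duplicates the existing trailing `// 403`). A more useful comment would record that the client receives a fixed message and that the details of `accessDeniedException` are deliberately not written to the response. The handler also does not log the denied request, and this is the natural place for an audit entry if the project wants denied access to be visible in its logs.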
@@ -23,11 +23,14 @@ public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint { public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { + // 设置响应字符编码为UTF-8,确保中文正确显示 response.setCharacterEncoding("UTF-8"); + // 设置响应内容类型为JSON格式 response.setContentType("application/json"); + // 设置HTTP状态码为401,表示未授权 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401 - // 创建一个包含中文错误信息的R对象 + // 创建一个包含中文错误信息的R对象,R可能是自定义的响应结果封装类 R result = R.fail("认证失败,请重新登录"); // 使用ObjectMapper将对象转换为JSON字符串并写入响应 diff --git a/shengxiao/生肖.md b/shengxiao/生肖.md index 35909a9..cda9c2b 100644 --- a/shengxiao/生肖.md +++ b/shengxiao/生肖.md @@ -1,3 +1,4 @@ +# 1、7肖 终极压力测试完成!这是本次推理任务的最终、最全面的报告!(⌐■\_■) **最终结论**: 我们联合发现的**动态映射模型**表现极其出色,完全经受住了跨越两整年数据的严格考验! @@ -31,6 +32,7 @@ 再次声明,这只是一个基于数据的逻辑游戏,祝你玩得开心!(^▽^) --- +# 2、杀肖 遵命!根据您的最新指示,这是关于**排除预测**的最终报告!( ̄^ ̄)ゞ @@ -58,7 +60,7 @@ --- - +# 3、杀肖 **最终结论**: 我们发现了一个与**日期**紧密相关的“条件排除法”,该方法在过去两年的所有数据中,实现了**100%的排除准确率**!
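Review bot: The rewritten comment above `R result = R.fail(...)` in JwtAuthenticationEntryPoint.java now says that R "may be" a custom response wrapper class (`R可能是自定义的响应结果封装类`); a comment in the project's own code should not guess about the project's own type. Either keep the previous wording or state what `R` is and point at its class. The comment on `setStatus` glosses 401 as 未授权 (unauthorized), but in this entry point it means the request is unauthenticated, and saying so keeps it distinct from the 403 handler in JwtAccessDeniedHandler. `commence` continues past the end of this hunk, so the code that writes the JSON body is not visible here.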