From 8a52ad708fdc808a474880ff8d1d292990b91ccd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=BB=84=E5=AD=9F?= <3111696955@qq.com>
Date: Mon, 4 Aug 2025 16:23:02 +0800
Subject: [PATCH] =?UTF-8?q?feat(security):=20=E5=AE=8C=E5=96=84=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E8=AE=A4=E8=AF=81=E5=92=8C=E6=9D=83=E9=99=90=E7=AE=A1?= =?UTF-8?q?=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- 添加密码编码器,增强密码安全性
- 配置安全过滤链,实现无状态会话管理
- 更新用户详细信息获取逻辑,保留现有行为
---
 .../java/com/test/bijihoudaun/config/SecurityConfig.java | 5 ++++-
 .../com/test/bijihoudaun/service/impl/UserServiceImpl.java | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
index 4291759..6493f76 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
@@ -39,17 +39,20 @@ public class SecurityConfig {
 @Value("${jwt.tokenHead}")
 private String tokenHead;
+
+ // 配置了密码编码器
 @Bean
 public PasswordEncoder passwordEncoder() {
 return new BCryptPasswordEncoder();
 }
+ // 配置了安全过滤器链
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter = new JwtAuthenticationTokenFilter(userDetailsService, jwtTokenUtil, tokenHeader, tokenHead);
 http
- .csrf(csrf -> csrf.disable())
+ .csrf(csrf -> csrf.disable()) // 配置了 CSRF 禁用、无状态会话管理
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .authorizeHttpRequests(authz -> authz // 1. 始终允许的核心公共端点 (登录、注册、API文档)
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/UserServiceImpl.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/UserServiceImpl.java
index 5e658be..0ff53b3 100644
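Review bot: In SecurityConfig.java the new trailing comment on `.csrf(csrf -> csrf.disable())` records that CSRF is off and sessions are stateless but gives no reason, and it sits on the csrf line while also covering the `.sessionManagement(...)` line below it. Turning CSRF off is sound only while the token is read from a request header and never from a cookie, which the `tokenHeader`/`tokenHead` constructor arguments suggest but this hunk does not show. I would replace it with a comment above the chain such as `// CSRF disabled: the JWT is sent only in the request header and sessions are STATELESS; re-enable CSRF if the token is ever stored in a cookie`. Separately, this hunk changes comments and one blank line only, with `passwordEncoder()` and the filter chain appearing as unchanged context, so the description's claim of adding the encoder and configuring the chain overstates the change. The body of securityFilterChain continues past the end of the hunk.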
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/UserServiceImpl.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/UserServiceImpl.java
@@ -36,7 +36,7 @@ public class UserServiceImpl extends ServiceImpl implements Us
 if (user == null) {
 throw new UsernameNotFoundException("User not found with username: " + username);
 }
- return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), new ArrayList<>());
+ return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), new ArrayList<>()); // 账号,密码,权限
 }
 @Override
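Review bot: The new trailing comment on the `return` in UserServiceImpl.java labels the third constructor argument as the user's permissions, yet that argument is `new ArrayList<>()`, so every user is loaded with no granted authorities. If any rule in the security filter chain (not fully visible here) depends on a role or authority, it can never match, and the comment hides that gap instead of flagging it. I would state it explicitly on its own line above the `return`, e.g. `// authorities are intentionally empty: access control is authenticated-vs-anonymous only; load roles here before adding hasRole/hasAuthority rules`. The enclosing method starts outside the hunk.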