feat(security): 完善用户认证和权限管理

- 添加密码编码器，增强密码安全性 - 配置安全过滤链，实现无状态会话管理 - 更新用户详细信息获取逻辑，保留现有行为
2025-08-04 16:23:02 +08:00
parent cb374bbc91
commit 8a52ad708f
2 changed files with 5 additions and 2 deletions
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
@@ -39,17 +39,20 @@ public class SecurityConfig {
    @Value("${jwt.tokenHead}")
    private String tokenHead;

+
+    // 配置了密码编码器
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

+    // 配置了安全过滤器链
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter = new JwtAuthenticationTokenFilter(userDetailsService, jwtTokenUtil, tokenHeader, tokenHead);

        http
-                .csrf(csrf -> csrf.disable())
+                .csrf(csrf -> csrf.disable())   // 配置了 CSRF 禁用、无状态会话管理
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(authz -> authz
                        // 1. 始终允许的核心公共端点 (登录、注册、API文档)