feat(security): 完善用户认证和权限管理

- 添加密码编码器，增强密码安全性
- 配置安全过滤链，实现无状态会话管理
- 更新用户详细信息获取逻辑，保留现有行为

biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java

@@ -39,17 +39,20 @@ public class SecurityConfig {
     @Value("${jwt.tokenHead}")
     private String tokenHead;
 
+
+    // 配置了密码编码器
     @Bean
     public PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
 
+    // 配置了安全过滤器链
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter = new JwtAuthenticationTokenFilter(userDetailsService, jwtTokenUtil, tokenHeader, tokenHead);
 
         http
-                .csrf(csrf -> csrf.disable())
+                .csrf(csrf -> csrf.disable())   // 配置了 CSRF 禁用、无状态会话管理
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(authz -> authz
                         // 1. 始终允许的核心公共端点 (登录、注册、API文档)

biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/UserServiceImpl.java

@@ -36,7 +36,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
         if (user == null) {
             throw new UsernameNotFoundException("User not found with username: " + username);
         }
-        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), new ArrayList<>());
+        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), new ArrayList<>()); // 账号，密码，权限
     }
 
     @Override