From 1e202aa8637210b51b558f467e085fae8ea3dd5e Mon Sep 17 00:00:00 2001 From: Sparkfreeman <2440444538@qq.com> Date: Wed, 3 Jul 2024 20:17:31 +0800 Subject: [PATCH] =?UTF-8?q?=E5=9B=9E=E6=BB=9A=E5=A4=87=E4=BB=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cmh/backend/Config/SecurityConfig.java | 23 +++++++++++++++++-- .../controller/UserController.java | 2 +- .../repository/UserRepository.java | 2 +- .../authentication/service/UserService.java | 2 +- 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/cmh/backend/Config/SecurityConfig.java b/src/main/java/org/cmh/backend/Config/SecurityConfig.java index c917d0a..6ca67b9 100644 --- a/src/main/java/org/cmh/backend/Config/SecurityConfig.java +++ b/src/main/java/org/cmh/backend/Config/SecurityConfig.java @@ -4,6 +4,8 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; @Configuration @@ -13,11 +15,28 @@ public class SecurityConfig { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { // Use the new API to disable CSRF http.csrf(AbstractHttpConfigurer::disable) - // Permit all requests + // Permit all requests to specific endpoints .authorizeHttpRequests(authorize -> authorize - .anyRequest().permitAll() + .requestMatchers("/users/register", "/users/login").permitAll() // Allow these endpoints without authentication + .anyRequest().authenticated() // All other endpoints require authentication + ) + // Configure form login + .formLogin(form -> form + .loginPage("/login") // Custom login page (you need to create this endpoint) + .permitAll() + ) + // Configure logout + .logout(logout -> logout + .logoutUrl("/logout") + .logoutSuccessUrl("/login?logout") + .permitAll() ); return http.build(); } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } } diff --git a/src/main/java/org/cmh/backend/authentication/controller/UserController.java b/src/main/java/org/cmh/backend/authentication/controller/UserController.java index f4e6aae..0fc8dc7 100644 --- a/src/main/java/org/cmh/backend/authentication/controller/UserController.java +++ b/src/main/java/org/cmh/backend/authentication/controller/UserController.java @@ -20,4 +20,4 @@ public class UserController { User user = userService.getUserByUsername(username); return ResponseEntity.ok(user); } -} +} \ No newline at end of file diff --git a/src/main/java/org/cmh/backend/authentication/repository/UserRepository.java b/src/main/java/org/cmh/backend/authentication/repository/UserRepository.java index 2c5116e..b1dae57 100644 --- a/src/main/java/org/cmh/backend/authentication/repository/UserRepository.java +++ b/src/main/java/org/cmh/backend/authentication/repository/UserRepository.java @@ -5,4 +5,4 @@ import org.springframework.data.jpa.repository.JpaRepository; public interface UserRepository extends JpaRepository { User findByUsername(String username); -} +} \ No newline at end of file diff --git a/src/main/java/org/cmh/backend/authentication/service/UserService.java b/src/main/java/org/cmh/backend/authentication/service/UserService.java index 30e5134..0bdd5a0 100644 --- a/src/main/java/org/cmh/backend/authentication/service/UserService.java +++ b/src/main/java/org/cmh/backend/authentication/service/UserService.java @@ -13,4 +13,4 @@ public class UserService { public User getUserByUsername(String username) { return userRepository.findByUsername(username); } -} +} \ No newline at end of file