回滚备份

src/main/java/org/cmh/backend/Config/SecurityConfig.java

@@ -4,6 +4,8 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
@@ -13,11 +15,28 @@ public class SecurityConfig {
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         // Use the new API to disable CSRF
         http.csrf(AbstractHttpConfigurer::disable)
-                // Permit all requests
+                // Permit all requests to specific endpoints
                 .authorizeHttpRequests(authorize -> authorize
-                        .anyRequest().permitAll()
+                        .requestMatchers("/users/register", "/users/login").permitAll() // Allow these endpoints without authentication
+                        .anyRequest().authenticated() // All other endpoints require authentication
+                )
+                // Configure form login
+                .formLogin(form -> form
+                        .loginPage("/login") // Custom login page (you need to create this endpoint)
+                        .permitAll()
+                )
+                // Configure logout
+                .logout(logout -> logout
+                        .logoutUrl("/logout")
+                        .logoutSuccessUrl("/login?logout")
+                        .permitAll()
                 );
 
         return http.build();
     }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 }