回滚备份

2024-07-03 20:17:31 +08:00 · 2024-07-03 20:17:31 +08:00 · 1e202aa863
commit 1e202aa863
parent 14dcc9de06
4 changed files with 24 additions and 5 deletions
--- a/src/main/java/org/cmh/backend/Config/SecurityConfig.java
+++ b/src/main/java/org/cmh/backend/Config/SecurityConfig.java
@ -4,6 +4,8 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;

@Configuration
@ -13,11 +15,28 @@ public class SecurityConfig {
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // Use the new API to disable CSRF
        http.csrf(AbstractHttpConfigurer::disable)
-                // Permit all requests
+                // Permit all requests to specific endpoints
                .authorizeHttpRequests(authorize -> authorize
-                        .anyRequest().permitAll()
+                        .requestMatchers("/users/register", "/users/login").permitAll() // Allow these endpoints without authentication
+                        .anyRequest().authenticated() // All other endpoints require authentication
+                )
+                // Configure form login
+                .formLogin(form -> form
+                        .loginPage("/login") // Custom login page (you need to create this endpoint)
+                        .permitAll()
+                )
+                // Configure logout
+                .logout(logout -> logout
+                        .logoutUrl("/logout")
+                        .logoutSuccessUrl("/login?logout")
+                        .permitAll()
                );

        return http.build();
    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 }
--- a/src/main/java/org/cmh/backend/authentication/controller/UserController.java
+++ b/src/main/java/org/cmh/backend/authentication/controller/UserController.java
@ -20,4 +20,4 @@ public class UserController {
        User user = userService.getUserByUsername(username);
        return ResponseEntity.ok(user);
    }
-}
+}
--- a/src/main/java/org/cmh/backend/authentication/repository/UserRepository.java
+++ b/src/main/java/org/cmh/backend/authentication/repository/UserRepository.java
@ -5,4 +5,4 @@ import org.springframework.data.jpa.repository.JpaRepository;

 public interface UserRepository extends JpaRepository<User, Long> {
    User findByUsername(String username);
-}
+}
--- a/src/main/java/org/cmh/backend/authentication/service/UserService.java
+++ b/src/main/java/org/cmh/backend/authentication/service/UserService.java
@ -13,4 +13,4 @@ public class UserService {
    public User getUserByUsername(String username) {
        return userRepository.findByUsername(username);
    }
-}
+}