fdzcxy212206231
/
bloggingplatform
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

登录已连接

Browse Source
feature-branch
今日不开张 4 months ago
parent 32c9f424b1
commit d9548a4fce
7 changed files with 2326 additions and 48 deletions
Show Stats Download Patch File Download Diff File

BIN
demo/data/mydb.mv.db
View File

Binary file not shown.

2273
demo/data/mydb.trace.db
View File

File diff suppressed because it is too large Load Diff

15
demo/src/main/java/com/example/demo/config/AppConfig.java
Unescape View File

@ -1,15 +0,0 @@
package com.example.demo.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
public class AppConfig {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

23
demo/src/main/java/com/example/demo/config/CorsConfig.java
Unescape View File

@ -1,23 +0,0 @@
package com.example.demo.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
@Configuration
public class CorsConfig {
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true); // 允许携带凭证如cookies
config.addAllowedOrigin("http://localhost:5173"); // 允许来自Vue.js开发服务器的请求
config.addAllowedHeader("*"); // 允许所有头部
config.addAllowedMethod("*"); // 允许所有HTTP方法
source.registerCorsConfiguration("/**", config); // 应用到所有路径
return new CorsFilter(source);
}
}

58
demo/src/main/java/com/example/demo/config/SecurityConfig.java
Unescape View File

@ -2,37 +2,79 @@ package com.example.demo.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import java.util.List;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
private final UserDetailsService userDetailsService;
public SecurityConfig(UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.cors().and()
.csrf().disable()
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
.authorizeHttpRequests(authorize -> authorize
.requestMatchers("/api/users/register", "/api/users/login").permitAll() // 允许注册和登录请求
.anyRequest().authenticated() // 其他所有请求都需要认证
.requestMatchers("/api/users/register", "/api/users/login").permitAll()
.anyRequest().authenticated()
)
.sessionManagement(session -> session
.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 如果不使用会话状态例如使用JWT可以设置为STATELESS
);
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
)
.csrf().disable();
return http.build();
}
private UrlBasedCorsConfigurationSource corsConfigurationSource() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("http://localhost:5173");
config.addAllowedHeader("*");
config.addAllowedMethod(HttpMethod.GET);
config.addAllowedMethod(HttpMethod.POST);
config.addAllowedMethod(HttpMethod.PUT);
config.addAllowedMethod(HttpMethod.DELETE);
config.addAllowedMethod(HttpMethod.OPTIONS);
source.registerCorsConfiguration("/**", config);
return source;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
authProvider.setUserDetailsService(userDetailsService);
authProvider.setPasswordEncoder(passwordEncoder());
return authProvider;
}
@Bean
public AuthenticationManager authenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authConfig) throws Exception {
return authConfig.getAuthenticationManager();
public AuthenticationManager authenticationManager(AuthenticationProvider authenticationProvider) {
return new ProviderManager(List.of(authenticationProvider));
}
}

2
demo/src/main/java/com/example/demo/controller/UserController.java
Unescape View File

@ -16,7 +16,7 @@ import org.springframework.web.bind.annotation.*;
@RestController
@CrossOrigin(origins = "http://localhost:5137") // 允许来自前端开发服务器的请求
@CrossOrigin(origins = "http://localhost:5137/") // 允许来自前端开发服务器的请求
@RequestMapping("/api/users")
public class UserController {

1
demo/src/main/resources/application.properties
Unescape View File

@ -20,3 +20,4 @@ spring.h2.console.path=/h2-console # 注意这里修复了路径拼写错误
server.error.include-stacktrace=always
server.error.include-message=always
logging.level.org.springframework.security=DEBUG
Write Preview
Loading…
Cancel
Save