feat(security): 实现JWT认证并增强API安全控制

添加JWT依赖并实现token生成与验证功能在控制器方法上添加权限注解保护API端点更新安全配置以集成JWT过滤器移除无用的编码测试工具类修改JWT相关配置为更安全的设置
2025-11-03 16:14:53 +08:00
parent f6d1d719a9
commit 25eeab4940
16 changed files with 17549 additions and 2561 deletions
--- a/src/main/java/com/qf/myafterprojecy/config/SecurityConfig.java
+++ b/src/main/java/com/qf/myafterprojecy/config/SecurityConfig.java
@@ -32,6 +32,9 @@ public class SecurityConfig {
    @Autowired
    private PasswordEncoder passwordEncoder;

+    @Autowired
+    private JwtAuthenticationFilter jwtAuthenticationFilter;
+
    /**
     * 配置AuthenticationManager Bean
     * 使用AuthenticationConfiguration来获取认证管理器，这是更现代的方式
@@ -75,6 +78,9 @@ public class SecurityConfig {
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        
+        // 添加JWT认证过滤器
+        http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+        
        // 确保Spring Security不会添加额外的CharacterEncodingFilter
        // 因为我们在CharacterEncodingConfig中已经配置了自定义的过滤器
        http.addFilterBefore((request, response, chain) -> {
@@ -82,7 +88,7 @@ public class SecurityConfig {
            response.setCharacterEncoding("UTF-8");
            response.setContentType("text/html;charset=UTF-8");
            chain.doFilter(request, response);
-        }, UsernamePasswordAuthenticationFilter.class);
+        }, JwtAuthenticationFilter.class);
        
        return http.build();
    }