安全框架和api文档框架升级到springboot3版本

2023-11-13 21:12:03 +08:00 · 2023-11-13 21:12:03 +08:00 · 8da2bb00b3
commit 8da2bb00b3
parent 3cbba4d854
8 changed files with 136 additions and 256 deletions
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@ -0,0 +1,15 @@
 {
    // 使用 IntelliSense 了解相关属性。 
    // 悬停以查看现有属性的描述。
    // 欲了解更多信息，请访问: https://go.microsoft.com/fwlink/?linkid=830387
    "version": "0.2.0",
    "configurations": [
        {
            "type": "java",
            "name": "RuoYiApplication",
            "request": "launch",
            "mainClass": "com.ruoyi.RuoYiApplication",
            "projectName": "ruoyi-admin"
        }
    ]
 }
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -0,0 +1,3 @@
 {
    "java.configuration.updateBuildConfiguration": "interactive"
 }
--- a/pom.xml
+++ b/pom.xml
@ -1,8 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
 	<modelVersion>4.0.0</modelVersion>
    <groupId>com.ruoyi</groupId>
    <artifactId>ruoyi</artifactId>
@ -36,7 +35,7 @@
        <poi.version>4.1.2</poi.version>
        <velocity.version>2.3</velocity.version>
        <jwt.version>0.9.1</jwt.version>
-        <knife4j.version>3.0.3</knife4j.version>
+        <knife4j.version>4.3.0</knife4j.version>
    </properties>
@ -44,11 +43,11 @@
    <dependencyManagement>
        <dependencies>
            <!-- servlet包 -->
-<!--            <dependency>-->
+            <!--            <dependency>-->
-<!--                <groupId>javax.servlet</groupId>-->
+            <!--                <groupId>javax.servlet</groupId>-->
-<!--                <artifactId>javax.servlet-api</artifactId>-->
+            <!--                <artifactId>javax.servlet-api</artifactId>-->
-<!--                <version>4.0.1</version>-->
+            <!--                <version>4.0.1</version>-->
-<!--            </dependency>-->
+            <!--            </dependency>-->
            <dependency>
                <groupId>javax.xml.bind</groupId>
@ -57,13 +56,13 @@
            </dependency>
            <!-- SpringBoot的依赖配置-->
-<!--            <dependency>-->
+            <!--            <dependency>-->
-<!--                <groupId>org.springframework.boot</groupId>-->
+            <!--                <groupId>org.springframework.boot</groupId>-->
-<!--                <artifactId>spring-boot-dependencies</artifactId>-->
+            <!--                <artifactId>spring-boot-dependencies</artifactId>-->
-<!--                <version>2.7.14</version>-->
+            <!--                <version>2.7.14</version>-->
-<!--                <type>pom</type>-->
+            <!--                <type>pom</type>-->
-<!--                <scope>import</scope>-->
+            <!--                <scope>import</scope>-->
-<!--            </dependency>-->
+            <!--            </dependency>-->
            <!-- Mysql驱动包 -->
            <dependency>
@ -201,13 +200,7 @@
            <!-- knife4j -->
            <dependency>
                <groupId>com.github.xiaoymin</groupId>
-                <artifactId>knife4j-micro-spring-boot-starter</artifactId>
+                <artifactId>knife4j-openapi3-jakarta-spring-boot-starter</artifactId>
                <version>${knife4j.version}</version>
            </dependency>
            <dependency>
                <groupId>com.github.xiaoymin</groupId>
                <artifactId>knife4j-spring-boot-starter</artifactId>
                <version>${knife4j.version}</version>
            </dependency>
--- a/ruoyi-admin/pom.xml
+++ b/ruoyi-admin/pom.xml
@ -23,19 +23,6 @@
            <optional>true</optional>            <!-- 表示依赖不会传递 -->
        </dependency>
        <!-- swagger3-->
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-boot-starter</artifactId>
        </dependency>
        <!-- 防止进入swagger页面报类型转换错误，排除3.0.0中的引用，手动增加1.6.2版本 -->
        <dependency>
            <groupId>io.swagger</groupId>
            <artifactId>swagger-models</artifactId>
            <version>1.6.2</version>
        </dependency>
        <!-- Mysql驱动包 -->
        <dependency>
            <groupId>com.mysql</groupId>
@ -59,18 +46,6 @@
            <groupId>com.ruoyi</groupId>
            <artifactId>ruoyi-generator</artifactId>
        </dependency>
        <!-- knife4j -->
        <dependency>
            <groupId>com.github.xiaoymin</groupId>
            <artifactId>knife4j-micro-spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>com.github.xiaoymin</groupId>
            <artifactId>knife4j-spring-boot-starter</artifactId>
        </dependency>
    </dependencies>
    <build>
@ -79,9 +54,6 @@
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>3.0.0</version>
                <configuration>
                    <fork>true</fork>                    <!-- 如果没有该配置，devtools不会生效 -->
                </configuration>
                <executions>
                    <execution>
                        <goals>
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/tool/TestController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/tool/TestController.java
@ -4,6 +4,11 @@ import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@ -15,19 +20,13 @@ import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.core.controller.BaseController;
 import com.ruoyi.common.core.domain.R;
 import com.ruoyi.common.utils.StringUtils;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import io.swagger.annotations.ApiOperation;
 /**
 * swagger 用户测试方法
 *
 * @author ruoyi
 */
-@Api("用户信息管理")
+@Tag(name = "用户信息管理")
@RestController
@RequestMapping("/test/user")
 public class TestController extends BaseController
@ -38,7 +37,7 @@ public class TestController extends BaseController
        users.put(2, new UserEntity(2, "ry", "admin123", "15666666666"));
    }
-    @ApiOperation("获取用户列表")
+    @Operation(summary = "获取用户列表")
    @GetMapping("/list")
    public R<List<UserEntity>> userList()
    {
@ -46,8 +45,7 @@ public class TestController extends BaseController
        return R.ok(userList);
    }
-    @ApiOperation("获取用户详细")
+    @Operation(summary = "获取用户详细")
    @ApiImplicitParam(name = "userId", value = "用户ID", required = true, dataType = "int", paramType = "path", dataTypeClass = Integer.class)
    @GetMapping("/{userId}")
    public R<UserEntity> getUser(@PathVariable Integer userId)
    {
@ -61,13 +59,7 @@ public class TestController extends BaseController
        }
    }
-    @ApiOperation("新增用户")
+    @Operation(summary = "新增用户")
    @ApiImplicitParams({
        @ApiImplicitParam(name = "userId", value = "用户id", dataType = "Integer", dataTypeClass = Integer.class),
        @ApiImplicitParam(name = "username", value = "用户名称", dataType = "String", dataTypeClass = String.class),
        @ApiImplicitParam(name = "password", value = "用户密码", dataType = "String", dataTypeClass = String.class),
        @ApiImplicitParam(name = "mobile", value = "用户手机", dataType = "String", dataTypeClass = String.class)
    })
    @PostMapping("/save")
    public R<String> save(UserEntity user)
    {
@ -79,7 +71,7 @@ public class TestController extends BaseController
        return R.ok();
    }
-    @ApiOperation("更新用户")
+    @Operation(summary = "更新用户")
    @PutMapping("/update")
    public R<String> update(@RequestBody UserEntity user)
    {
@ -96,8 +88,7 @@ public class TestController extends BaseController
        return R.ok();
    }
-    @ApiOperation("删除用户信息")
+    @Operation(summary = "删除用户信息")
    @ApiImplicitParam(name = "userId", value = "用户ID", required = true, dataType = "int", paramType = "path", dataTypeClass = Integer.class)
    @DeleteMapping("/{userId}")
    public R<String> delete(@PathVariable Integer userId)
    {
@ -113,19 +104,19 @@ public class TestController extends BaseController
    }
 }
-@ApiModel(value = "UserEntity", description = "用户实体")
+@Schema(description = "用户实体")
 class UserEntity
 {
-    @ApiModelProperty("用户ID")
+    @Schema(defaultValue = "用户ID")
    private Integer userId;
-    @ApiModelProperty("用户名称")
+    @Schema(defaultValue = "用户名称")
    private String username;
-    @ApiModelProperty("用户密码")
+    @Schema(defaultValue = "用户密码")
    private String password;
-    @ApiModelProperty("用户手机")
+    @Schema(defaultValue = "用户手机")
    private String mobile;
    public UserEntity()
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/core/config/SwaggerConfig.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/core/config/SwaggerConfig.java
@ -1,125 +1,36 @@
 package com.ruoyi.web.core.config;
-import java.util.ArrayList;
+import io.swagger.v3.oas.models.ExternalDocumentation;
-import java.util.List;
+import io.swagger.v3.oas.models.OpenAPI;
-import org.springframework.beans.factory.annotation.Autowired;
+import io.swagger.v3.oas.models.info.Info;
-import org.springframework.beans.factory.annotation.Value;
+import io.swagger.v3.oas.models.info.License;
 import org.springdoc.core.models.GroupedOpenApi;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import com.ruoyi.common.config.RuoYiConfig;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.models.auth.In;
 import springfox.documentation.builders.ApiInfoBuilder;
 import springfox.documentation.builders.PathSelectors;
 import springfox.documentation.builders.RequestHandlerSelectors;
 import springfox.documentation.service.ApiInfo;
 import springfox.documentation.service.ApiKey;
 import springfox.documentation.service.AuthorizationScope;
 import springfox.documentation.service.Contact;
 import springfox.documentation.service.SecurityReference;
 import springfox.documentation.service.SecurityScheme;
 import springfox.documentation.spi.DocumentationType;
 import springfox.documentation.spi.service.contexts.SecurityContext;
 import springfox.documentation.spring.web.plugins.Docket;
 /**
 * Swagger2的接口配置
 * 
 * @author ruoyi
 */
@Configuration
-public class SwaggerConfig
+public class SwaggerConfig {
 {
    /** 系统基础配置 */
    @Autowired
    private RuoYiConfig ruoyiConfig;
    /** 是否开启swagger */
    @Value("${swagger.enabled}")
    private boolean enabled;
    /** 设置请求的统一前缀 */
    @Value("${swagger.pathMapping}")
    private String pathMapping;
    /**
     * 创建API
     */
    @Bean
-    public Docket createRestApi()
+    public OpenAPI springShopOpenAPI() {
-    {
+        return new OpenAPI()
-        return new Docket(DocumentationType.OAS_30)
+                .info(new Info().title("RuoYi Geek")
-                // 是否启用Swagger
+                        .description("RuoYi Geek API文档")
-                .enable(enabled)
+                        .version("v1")
-                // 用来创建该API的基本信息，展示在文档的页面中（自定义展示的信息）
+                        .license(new License().name("Apache 2.0").url("http://springdoc.org")))
-                .apiInfo(apiInfo())
+                .externalDocs(new ExternalDocumentation()
-                // 设置哪些接口暴露给Swagger展示
+                        .description("外部文档")
-                .select()
+                        .url("https://springshop.wiki.github.org/docs"));
                // 扫描所有有注解的api，用这种方式更灵活
                .apis(RequestHandlerSelectors.withMethodAnnotation(ApiOperation.class))
                // 扫描指定包中的swagger注解
                // .apis(RequestHandlerSelectors.basePackage("com.ruoyi.project.tool.swagger"))
                // 扫描所有 .apis(RequestHandlerSelectors.any())
                .paths(PathSelectors.any())
                .build()
                /* 设置安全模式，swagger可以设置访问token */
                .securitySchemes(securitySchemes())
                .securityContexts(securityContexts())
                .pathMapping(pathMapping);
    }
-    /**
+    @Bean
-     * 安全模式，这里指定token通过Authorization头请求头传递
+    public GroupedOpenApi sysApi() {
-     */
+        return GroupedOpenApi.builder()
-    private List<SecurityScheme> securitySchemes()
+                .group("sys系统")
-    {
+                .pathsToMatch("/system/**")
-        List<SecurityScheme> apiKeyList = new ArrayList<SecurityScheme>();
+                .packagesToScan(
-        apiKeyList.add(new ApiKey("Authorization", "Authorization", In.HEADER.toValue()));
+                        "com.ruoyi.web.controller")
        return apiKeyList;
    }
    /**
     * 安全上下文
     */
    private List<SecurityContext> securityContexts()
    {
        List<SecurityContext> securityContexts = new ArrayList<>();
        securityContexts.add(
                SecurityContext.builder()
                        .securityReferences(defaultAuth())
                        .operationSelector(o -> o.requestMappingPattern().matches("/.*"))
                        .build());
        return securityContexts;
    }
    /**
     * 默认的安全上引用
     */
    private List<SecurityReference> defaultAuth()
    {
        AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
        authorizationScopes[0] = authorizationScope;
        List<SecurityReference> securityReferences = new ArrayList<>();
        securityReferences.add(new SecurityReference("Authorization", authorizationScopes));
        return securityReferences;
    }
    /**
     * 添加摘要信息
     */
    private ApiInfo apiInfo()
    {
        // 用ApiInfoBuilder进行定制
        return new ApiInfoBuilder()
                // 设置标题
                .title("标题：若依管理系统_接口文档")
                // 描述
                .description("描述：用于管理集团旗下公司的人员信息,具体包括XXX,XXX模块...")
                // 作者信息
                .contact(new Contact(ruoyiConfig.getName(), null, null))
                // 版本
                .version("版本号:" + ruoyiConfig.getVersion())
                .build();
    }
 }
--- a/ruoyi-common/pom.xml
+++ b/ruoyi-common/pom.xml
@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>ruoyi</artifactId>
        <groupId>com.ruoyi</groupId>
@ -67,11 +66,11 @@
        </dependency>
        <!-- 动态数据源 -->
-		<dependency>
+        <dependency>
-			<groupId>com.baomidou</groupId>
+            <groupId>com.baomidou</groupId>
-			<artifactId>dynamic-datasource-spring-boot-starter</artifactId>
+            <artifactId>dynamic-datasource-spring-boot-starter</artifactId>
-			<version>3.5.2</version>
+            <version>3.5.2</version>
-		</dependency>
+        </dependency>
        <!-- 阿里JSON解析器 -->
        <dependency>
@ -143,6 +142,11 @@
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>3.5.3.1</version>
        </dependency>
        <dependency>
            <groupId>com.github.xiaoymin</groupId>
            <artifactId>knife4j-openapi3-jakarta-spring-boot-starter</artifactId>
        </dependency>
    </dependencies>
 </project>
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@ -1,18 +1,14 @@
 package com.ruoyi.framework.config;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Configurable;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 //import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@ -30,10 +26,9 @@ import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl;
 *
 * @author ruoyi
 */
-@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
+@EnableMethodSecurity(prePostEnabled = true, securedEnabled = true)  
@Configuration
-public class SecurityConfig
+public class SecurityConfig {
 {
    /**
     * 自定义用户认证逻辑
     */
@ -76,12 +71,6 @@ public class SecurityConfig
     * @return
     * @throws Exception
     */
 //    @Bean
 //    @Override
 //    public AuthenticationManager authenticationManagerBean() throws Exception
 //    {
 //        return super.authenticationManagerBean();
 //    }
    @Bean
    AuthenticationManager authenticationManager() {
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
@ -90,70 +79,72 @@ public class SecurityConfig
        return new ProviderManager(daoAuthenticationProvider);
    }
    /**
-     * anyRequest          |   匹配所有请求路径
+     * anyRequest | 匹配所有请求路径
-     * access              |   SpringEl表达式结果为true时可以访问
+     * access | SpringEl表达式结果为true时可以访问
-     * anonymous           |   匿名可以访问
+     * anonymous | 匿名可以访问
-     * denyAll             |   用户不能访问
+     * denyAll | 用户不能访问
-     * fullyAuthenticated  |   用户完全认证可以访问（非remember-me下自动登录）
+     * fullyAuthenticated | 用户完全认证可以访问（非remember-me下自动登录）
-     * hasAnyAuthority     |   如果有参数，参数表示权限，则其中任何一个权限可以访问
+     * hasAnyAuthority | 如果有参数，参数表示权限，则其中任何一个权限可以访问
-     * hasAnyRole          |   如果有参数，参数表示角色，则其中任何一个角色可以访问
+     * hasAnyRole | 如果有参数，参数表示角色，则其中任何一个角色可以访问
-     * hasAuthority        |   如果有参数，参数表示权限，则其权限可以访问
+     * hasAuthority | 如果有参数，参数表示权限，则其权限可以访问
-     * hasIpAddress        |   如果有参数，参数表示IP地址，如果用户IP和参数匹配，则可以访问
+     * hasIpAddress | 如果有参数，参数表示IP地址，如果用户IP和参数匹配，则可以访问
-     * hasRole             |   如果有参数，参数表示角色，则其角色可以访问
+     * hasRole | 如果有参数，参数表示角色，则其角色可以访问
-     * permitAll           |   用户可以任意访问
+     * permitAll | 用户可以任意访问
-     * rememberMe          |   允许通过remember-me登录的用户访问
+     * rememberMe | 允许通过remember-me登录的用户访问
-     * authenticated       |   用户登录后可访问
+     * authenticated | 用户登录后可访问
     */
    @Bean
    SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
-        // 注解标记允许匿名访问的url
+        return httpSecurity
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity.authorizeRequests();
        permitAllUrl.getUrls().forEach(url -> registry.requestMatchers(url).permitAll());
        httpSecurity
                // CSRF禁用，因为不使用session
-                .csrf().disable()
+                .csrf(csrf -> csrf.disable())
                // 禁用HTTP响应标头
-                .headers().cacheControl().disable().and()
+                .headers(headersCustomizer -> headersCustomizer.cacheControl().disable())
                // 认证失败处理类
-                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
+                .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
                // 基于token，所以不需要session
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-                .authorizeRequests(auth->auth                // 对于登录login 注册register 验证码captchaImage 允许匿名访问
+                .headers(headers -> headers.cacheControl().disable())
-                        .requestMatchers("/login", "/register", "/captchaImage").permitAll()
+                // 注解标记允许匿名访问的url
-                        // 静态资源，可匿名访问
+                .authorizeHttpRequests((requests) -> {
-                        .requestMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
+                    permitAllUrl.getUrls().forEach(url -> requests.requestMatchers(url).permitAll());
-                        .requestMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
+                    // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-                        // 除上面外的所有请求全部需要鉴权认证
+                    requests.requestMatchers("/login", "/register", "/captchaImage").permitAll()
-                        .anyRequest().authenticated())
+                            // 静态资源，可匿名访问
-                .headers().frameOptions().disable();
+                            .requestMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js",
-        // 添加Logout filter
+                                    "/profile/**")
-        httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
+                            .permitAll()
-        // 添加JWT filter
+                            .requestMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs",
-        httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
+                                    "/druid/**", "/*/api-docs/**")
-        // 添加CORS filter
+                            .permitAll()
-        httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
+                            // 除上面外的所有请求全部需要鉴权认证
-        httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);
+                            .anyRequest().authenticated();
-        return httpSecurity.build();
+                })
                // 添加Logout filter
                .logout(logout -> logout.logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler))
                // 添加JWT filter
                .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
                // 添加CORS filter
                .addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class)
                .addFilterBefore(corsFilter, LogoutFilter.class)
                .build();
    }
    /**
     * 强散列哈希加密实现
     */
    @Bean
-    public BCryptPasswordEncoder bCryptPasswordEncoder()
+    public BCryptPasswordEncoder bCryptPasswordEncoder() {
    {
        return new BCryptPasswordEncoder();
    }
    /**
     * 身份认证接口
     */
-//    @Override
+    // @Override
-//    protected void configure(AuthenticationManagerBuilder auth) throws Exception
+    // protected void configure(AuthenticationManagerBuilder auth) throws Exception
-//    {
+    // {
-//        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
+    // auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
-//    }
+    // }
 }