🚚 权限认证

spring-security/step-1/src/main/java/com/spring/controller/security/CheckController.java

@@ -0,0 +1,23 @@
+package com.spring.controller.security;
+
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@Tag(name = "检查接口", description = "检查当前用户的权限信息")
+@RestController
+@RequestMapping("/api/security")
+public class CheckController {
+
+    @GetMapping("/current-user")
+    public Authentication getCurrentUser() {
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        System.out.println("Current user: " + auth.getName());
+        System.out.println("Authorities: " + auth.getAuthorities());
+        return auth;
+    }
+
+}

spring-security/step-1/src/main/java/com/spring/security/config/SecurityConfiguration.java

@@ -26,14 +26,13 @@ public class SecurityConfiguration {
         String generatedPassword = passwordEncoder.encode("123456");
 
         // 创建用户 权限为只读
-        UserDetails userDetails1 = User.withUsername("bunny").password(generatedPassword).roles("USER").authorities("read").build();
+        UserDetails bunny = User.withUsername("bunny").password(generatedPassword).roles("USER").authorities("read").build();
 
-        //
-        UserDetails userDetails2 = User.withUsername("rabbit").password(generatedPassword).roles("USER").authorities("all").build();
-        UserDetails userDetails3 = User.withUsername("admin").password(generatedPassword).roles("ADMIN").authorities("all").build();
+        // 管理员可以查看全部
+        UserDetails admin = User.withUsername("admin").password(generatedPassword).roles("ADMIN").authorities("all", "read").build();
 
         // 返回内存中的用户
-        return new InMemoryUserDetailsManager(userDetails1, userDetails2, userDetails3);
+        return new InMemoryUserDetailsManager(bunny, admin);
     }
 
     /**

spring-security/step-1/src/main/java/com/spring/security/config/SecurityWebConfiguration.java

@@ -2,6 +2,7 @@ package com.spring.security.config;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -23,9 +24,10 @@ public class SecurityWebConfiguration {
         http.authorizeHttpRequests(authorizeRequests ->
                         // 访问路径为 /api/** 时需要进行认证
                         authorizeRequests
-                                .requestMatchers("/api/system/**").hasRole("USER")
-                                .requestMatchers("/api/**").hasAnyRole("ADMIN")
                                 .requestMatchers(permitAllUrls).permitAll()
+                                .requestMatchers("/api/security/**").permitAll()
+                                .requestMatchers(HttpMethod.GET, "/api/anonymous/**").anonymous()
+                                .requestMatchers("/api/**").hasAnyAuthority("all", "read")  // 会自动变成 ROLE_ADMIN
                 )
                 .formLogin(loginPage -> loginPage
                         // 自定义登录页路径