From 5a3a34341952483c1f4d365bda011970fc106bf4 Mon Sep 17 00:00:00 2001
From: bunny <1319900154@qq.com>
Date: Thu, 10 Jul 2025 22:22:13 +0800
Subject: [PATCH] =?UTF-8?q?:truck:=20=E6=9D=83=E9=99=90=E8=AE=A4=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controller/security/CheckController.java | 23 +++++++++++++++++++
 .../config/SecurityConfiguration.java | 9 ++++----
 .../config/SecurityWebConfiguration.java | 6 +++--
 3 files changed, 31 insertions(+), 7 deletions(-)
 create mode 100644 spring-security/step-1/src/main/java/com/spring/controller/security/CheckController.java
diff --git a/spring-security/step-1/src/main/java/com/spring/controller/security/CheckController.java b/spring-security/step-1/src/main/java/com/spring/controller/security/CheckController.java
new file mode 100644
index 0000000..8063d47
--- /dev/null
+++ b/spring-security/step-1/src/main/java/com/spring/controller/security/CheckController.java
@@ -0,0 +1,23 @@
+package com.spring.controller.security;
+
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@Tag(name = "检查接口", description = "检查当前用户的权限信息")
+@RestController
+@RequestMapping("/api/security")
+public class CheckController {
+
+ @GetMapping("/current-user")
+ public Authentication getCurrentUser() {
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+ System.out.println("Current user: " + auth.getName());
+ System.out.println("Authorities: " + auth.getAuthorities());
+ return auth;
+ }
+
+}
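Review bot: `getCurrentUser()` returns the whole `Authentication` object as the response body, so everything the JSON serializer can reach on it goes to the client: the principal and, for form login, typically a `WebAuthenticationDetails` carrying the remote address and session id. The same commit makes `/api/security/**` `permitAll`, so the endpoint answers without a login. Return only what the caller needs, for example change the return type to `Map<String, Object>` and end with `return Map.of("name", auth.getName(), "authorities", AuthorityUtils.authorityListToSet(auth.getAuthorities()));`. `auth` is dereferenced without a null check, which is only safe while anonymous authentication stays enabled. The two `System.out.println` calls write the user name to stdout on every request, where a debug-level logger would be the usual choice.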
diff --git a/spring-security/step-1/src/main/java/com/spring/security/config/SecurityConfiguration.java b/spring-security/step-1/src/main/java/com/spring/security/config/SecurityConfiguration.java
index 2ff213b..52a7db4 100644
--- a/spring-security/step-1/src/main/java/com/spring/security/config/SecurityConfiguration.java
+++ b/spring-security/step-1/src/main/java/com/spring/security/config/SecurityConfiguration.java
@@ -26,14 +26,13 @@ public class SecurityConfiguration {
 String generatedPassword = passwordEncoder.encode("123456");
 // 创建用户 权限为只读
- UserDetails userDetails1 = User.withUsername("bunny").password(generatedPassword).roles("USER").authorities("read").build();
+ UserDetails bunny = User.withUsername("bunny").password(generatedPassword).roles("USER").authorities("read").build();
- //
- UserDetails userDetails2 = User.withUsername("rabbit").password(generatedPassword).roles("USER").authorities("all").build();
- UserDetails userDetails3 = User.withUsername("admin").password(generatedPassword).roles("ADMIN").authorities("all").build();
+ // 管理员可以查看全部
+ UserDetails admin = User.withUsername("admin").password(generatedPassword).roles("ADMIN").authorities("all", "read").build();
 // 返回内存中的用户
- return new InMemoryUserDetailsManager(userDetails1, userDetails2, userDetails3);
+ return new InMemoryUserDetailsManager(bunny, admin);
 }
 /**
diff --git a/spring-security/step-1/src/main/java/com/spring/security/config/SecurityWebConfiguration.java b/spring-security/step-1/src/main/java/com/spring/security/config/SecurityWebConfiguration.java
index 11bf0a8..f53adf3 100644
--- a/spring-security/step-1/src/main/java/com/spring/security/config/SecurityWebConfiguration.java
+++ b/spring-security/step-1/src/main/java/com/spring/security/config/SecurityWebConfiguration.java
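Review bot: In SecurityConfiguration.java both builders call `.roles(...)` and then `.authorities(...)`, and in Spring Security's `User.UserBuilder` each of these calls replaces the authority list, so `bunny` ends up with only `read` and `admin` with only `all` and `read`; neither carries `ROLE_USER` or `ROLE_ADMIN`. Any `hasRole("ADMIN")` rule or `@PreAuthorize("hasRole('ADMIN')")` check elsewhere would therefore reject the admin account. Either drop the `roles(...)` calls or put everything in one call, for example `.authorities("ROLE_ADMIN", "all", "read")`. Both accounts also share the hard-coded `123456` password from the context line, which is acceptable only for this in-memory demo. The bean method starts above the hunk.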
@@ -2,6 +2,7 @@ package com.spring.security.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -23,9 +24,10 @@ public class SecurityWebConfiguration {
 http.authorizeHttpRequests(authorizeRequests ->
 // 访问路径为 /api/** 时需要进行认证
 authorizeRequests
- .requestMatchers("/api/system/**").hasRole("USER")
- .requestMatchers("/api/**").hasAnyRole("ADMIN")
 .requestMatchers(permitAllUrls).permitAll()
+ .requestMatchers("/api/security/**").permitAll()
+ .requestMatchers(HttpMethod.GET, "/api/anonymous/**").anonymous()
+ .requestMatchers("/api/**").hasAnyAuthority("all", "read") // 会自动变成 ROLE_ADMIN
 )
 .formLogin(loginPage -> loginPage
 // 自定义登录页路径
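Review bot: The new `/api/**` rule accepts either `all` or `read`, so the read-only account now passes the same URL check as the admin for every HTTP method, where the removed rule required the ADMIN role. If `read` is meant to be read-only, split the rule by method: `.requestMatchers(HttpMethod.GET, "/api/**").hasAnyAuthority("all", "read")` followed by `.requestMatchers("/api/**").hasAuthority("all")`. The comment after that rule says the value becomes ROLE_ADMIN, but that prefixing applies to `hasRole`/`hasAnyRole`, not to `hasAnyAuthority`; I would replace it with `// hasAnyAuthority compares the authority strings as-is, no ROLE_ prefix is added`. `.anonymous()` on `GET /api/anonymous/**` rejects callers who are already logged in, so use `permitAll()` if those paths are simply meant to be public. The lambda and the `formLogin` chain continue outside the hunk.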