ok

2025-05-12 17:07:08 +09:00
parent 277fbd22cd 2617b4a5ae
commit 06cba204b5
1 changed files with 20 additions and 8 deletions
--- a/src/main/java/co/jp/app/config/security/SecurityConfig.java
+++ b/src/main/java/co/jp/app/config/security/SecurityConfig.java
@ -21,11 +21,11 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
@Configuration
 public class SecurityConfig {

-    private final JwtAuthenticationFilter jwtAuthenticationFilter;
+    //private final JwtAuthenticationFilter jwtAuthenticationFilter;
    private final UserDetailsService userDetailsService;

    public SecurityConfig(@Lazy JwtAuthenticationFilter jwtAuthenticationFilter, @Lazy UserDetailsService userDetailsService) {
-        this.jwtAuthenticationFilter = jwtAuthenticationFilter;
+        //this.jwtAuthenticationFilter = jwtAuthenticationFilter;
        this.userDetailsService = userDetailsService;
    }

@ -47,16 +47,28 @@ public class SecurityConfig {
        return authenticationConfiguration.getAuthenticationManager();
    }

+//    @Bean
+//    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+//        http.csrf(AbstractHttpConfigurer::disable)
+//                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+//                .authorizeHttpRequests(auth -> auth
+//                        .requestMatchers("/api/user/login", "/api/user/register").permitAll()
+//                        .anyRequest().authenticated()
+//                )
+//                .authenticationProvider(authenticationProvider())
+//                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+//
+//        return http.build();
+//    }
+
    @Bean
+    //暂时开放所有权限
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+
        http.csrf(AbstractHttpConfigurer::disable)
-                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(auth -> auth
-                        .requestMatchers("/api/user/login", "/api/user/register").permitAll()
-                        .anyRequest().authenticated()
-                )
-                .authenticationProvider(authenticationProvider())
-                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+                        .anyRequest().permitAll()
+                );

        return http.build();
    }