更改allowCredentials设置。allowedOrigins允许所有设备发送请求

src/main/java/co/jp/app/config/CorsConfig.java

@@ -10,9 +10,8 @@ public class CorsConfig implements WebMvcConfigurer {
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/api/**") // 允许 /api/ 下的所有请求
-                .allowedOrigins("http://192.168.1.50:5173") // 允许来自该域的请求
+                .allowedOrigins("*") // 允许来自该域的请求
                 .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS") // 允许的 HTTP 方法
-                .allowedHeaders("*") // 允许所有头部
-                .allowCredentials(true); // 允许发送 Cookie
+                .allowedHeaders("*"); // 允许所有头部
     }
 }

src/main/java/co/jp/app/config/security/SecurityConfig.java

@@ -1,7 +1,6 @@
 package co.jp.app.config.security;
 
 import co.jp.app.config.security.filter.JwtAuthenticationFilter;
-import co.jp.app.service.UserService;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Lazy;
@@ -21,11 +20,11 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
 @Configuration
 public class SecurityConfig {
 
-    //private final JwtAuthenticationFilter jwtAuthenticationFilter;
+    private final JwtAuthenticationFilter jwtAuthenticationFilter;
     private final UserDetailsService userDetailsService;
 
     public SecurityConfig(@Lazy JwtAuthenticationFilter jwtAuthenticationFilter, @Lazy UserDetailsService userDetailsService) {
-        //this.jwtAuthenticationFilter = jwtAuthenticationFilter;
+        this.jwtAuthenticationFilter = jwtAuthenticationFilter;
         this.userDetailsService = userDetailsService;
     }
 
@@ -47,29 +46,18 @@ public class SecurityConfig {
         return authenticationConfiguration.getAuthenticationManager();
     }
 
-//    @Bean
-//    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-//        http.csrf(AbstractHttpConfigurer::disable)
-//                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-//                .authorizeHttpRequests(auth -> auth
-//                        .requestMatchers("/api/user/login", "/api/user/register").permitAll()
-//                        .anyRequest().authenticated()
-//                )
-//                .authenticationProvider(authenticationProvider())
-//                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
-//
-//        return http.build();
-//    }
-
     @Bean
-    //暂时开放所有权限
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-
         http.csrf(AbstractHttpConfigurer::disable)
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(auth -> auth
-                        .anyRequest().permitAll()
-                );
+                        .requestMatchers("/api/user/login", "/api/user/register", "/api/inuhouse").permitAll()
+                        .anyRequest().authenticated()
+                )
+                .authenticationProvider(authenticationProvider())
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 
         return http.build();
     }
+
 }

src/main/java/co/jp/app/config/security/filter/JwtAuthenticationFilter.java

@@ -16,7 +16,6 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-
 @Component
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 

src/main/java/co/jp/app/controller/UserController.java

@@ -38,39 +38,26 @@ public class UserController {
 
     @PostMapping("/register")
     public ResponseEntity<?> registerUser(@Valid @RequestBody RegistrationDto registrationDto) {
-        try {
 
-            UserEntity registeredUser = userService.registerNewUser(registrationDto);
+        UserEntity registeredUser = userService.registerNewUser(registrationDto);
 
-            return ResponseEntity.status(HttpStatus.CREATED).body(ApiResponse.success(registeredUser.getEmail()));
-        } catch (Exception e) {
-
-            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(ApiResponse.fail(ResultCode.BAD_REQUEST,null));
-        }
+        return ResponseEntity.status(HttpStatus.CREATED).body(ApiResponse.success(registeredUser.getEmail()));
     }
 
     @PostMapping("/login")
     public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginDto loginDto) {
-        try {
-            Authentication authentication = authenticationManager.authenticate(
-                    new UsernamePasswordAuthenticationToken(loginDto.getEmail(), loginDto.getPassword())
-            );
-            SecurityContextHolder.getContext().setAuthentication(authentication);
-            UserDetails userDetails = (UserDetails) authentication.getPrincipal();
 
-            String jwtToken = jwtService.generateToken(userDetails);
+        Authentication authentication = authenticationManager.authenticate(
+                new UsernamePasswordAuthenticationToken(loginDto.getEmail(), loginDto.getPassword())
+        );
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
 
-            Map<String, String> tokenResponse = new HashMap<>();
-            tokenResponse.put("token", jwtToken);
+        String jwtToken = jwtService.generateToken(userDetails);
 
-            return ResponseEntity.ok(ApiResponse.success(tokenResponse));
+        Map<String, String> tokenResponse = new HashMap<>();
+        tokenResponse.put("token", jwtToken);
 
-        } catch (BadCredentialsException e) {
-
-            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(ApiResponse.fail(ResultCode.UNAUTHORIZED,null));
-        } catch (Exception e) {
-
-            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(ApiResponse.fail(ResultCode.SERVICE_UNAVAILABLE,null));
-        }
+        return ResponseEntity.ok(ApiResponse.success(tokenResponse));
     }
 }

src/main/java/co/jp/app/service/UserService.java

@@ -3,6 +3,8 @@ package co.jp.app.service;
 import java.util.Collection;
 import java.util.Collections;
 
+import co.jp.app.common.ResultCode;
+import co.jp.app.exception.BusinessException;
 import org.jetbrains.annotations.NotNull;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -30,10 +32,15 @@ public class UserService implements UserDetailsService {
 	}
 
 	@Transactional
-	public UserEntity registerNewUser(@NotNull RegistrationDto registrationDto) throws Exception {
+	public UserEntity registerNewUser(@NotNull RegistrationDto registrationDto) throws BusinessException {
 
 		if (userRepository.existsByEmail(registrationDto.getEmail())) {
-			throw new Exception("error: Email" + registrationDto.getEmail() + " had been used");
+			throw new BusinessException(ResultCode.USER_EMAIL_ALREADY_EXISTS,"error: Email" + registrationDto.getEmail() + " had been used");
+		}
+
+		//密码最短6位限制
+		if (registrationDto.getPassword() == null || registrationDto.getPassword().length() < 6) {
+			throw new BusinessException(ResultCode.USER_PASSWORD_TOO_SHORT);
 		}
 
 		UserEntity newUser = new UserEntity();