From 229dc941bb77b19738187f3f63b280ec41bf9389 Mon Sep 17 00:00:00 2001
From: FalingCliff <yuluo688@163.com>
Date: Sun, 25 May 2025 15:09:10 +0800
Subject: [PATCH] =?UTF-8?q?feat(security):=20=E6=B7=BB=E5=8A=A0=20CORS=20?=
 =?UTF-8?q?=E9=85=8D=E7=BD=AE=E5=B9=B6=E4=BF=AE=E6=94=B9=E7=99=BB=E5=BD=95?=
 =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E8=B7=AF=E5=BE=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 在 SecurityConfig 中添加 CORS 配置，允许跨域请求
- 将 AdminController 中的登录接口路径修改为 /auth/login
---
 .../admin_server/config/SecurityConfig.java   | 20 +++++++++++++++++++
 .../controller/admin/AdminController.java     |  2 +-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/example/admin_server/config/SecurityConfig.java b/src/main/java/com/example/admin_server/config/SecurityConfig.java
index 5f01e7b..ad68c24 100644
--- a/src/main/java/com/example/admin_server/config/SecurityConfig.java
+++ b/src/main/java/com/example/admin_server/config/SecurityConfig.java
@@ -9,6 +9,11 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Collections;
 
 @Configuration
 @EnableWebSecurity
@@ -28,6 +33,7 @@ public class SecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
+                .cors().and()
                 .csrf().disable()
                 .sessionManagement()
                 .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
@@ -49,4 +55,18 @@ public class SecurityConfig {
 
         return http.build();
     }
+
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOriginPatterns(Collections.singletonList("*")); // 或指定 http://localhost:9527
+        config.setAllowCredentials(true);
+        config.addAllowedHeader("*");
+        config.addAllowedMethod("*");
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+        return source;
+    }
 }
diff --git a/src/main/java/com/example/admin_server/controller/admin/AdminController.java b/src/main/java/com/example/admin_server/controller/admin/AdminController.java
index 394d0c9..b9b316e 100644
--- a/src/main/java/com/example/admin_server/controller/admin/AdminController.java
+++ b/src/main/java/com/example/admin_server/controller/admin/AdminController.java
@@ -28,7 +28,7 @@ public class AdminController {
     private final AdminMapper adminMapper;
     private final JwtUtil jwtUtil;
 
-    @PostMapping("/login")
+    @PostMapping("/auth/login")
     @ApiOperation(value = "管理员登陆")
     public Result<?> login(@RequestBody LoginDto request) {
         Admin admin = adminMapper.selectOne(new QueryWrapper<Admin>()