feat(security): 添加 CORS 配置并修改登录接口路径

- 在 SecurityConfig 中添加 CORS 配置，允许跨域请求 - 将 AdminController 中的登录接口路径修改为 /auth/login
2025-05-25 15:09:10 +08:00 · 2025-05-25 15:09:10 +08:00 · 229dc941bb
parent ae619cc964
commit 229dc941bb
2 changed files with 21 additions and 1 deletions
--- a/src/main/java/com/example/admin_server/config/SecurityConfig.java
+++ b/src/main/java/com/example/admin_server/config/SecurityConfig.java
@ -9,6 +9,11 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Collections;

@Configuration
@EnableWebSecurity
@ -28,6 +33,7 @@ public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
+                .cors().and()
                .csrf().disable()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
@ -49,4 +55,18 @@ public class SecurityConfig {

        return http.build();
    }
+
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOriginPatterns(Collections.singletonList("*")); // 或指定 http://localhost:9527
+        config.setAllowCredentials(true);
+        config.addAllowedHeader("*");
+        config.addAllowedMethod("*");
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+        return source;
+    }
 }
--- a/src/main/java/com/example/admin_server/controller/admin/AdminController.java
+++ b/src/main/java/com/example/admin_server/controller/admin/AdminController.java
@ -28,7 +28,7 @@ public class AdminController {
    private final AdminMapper adminMapper;
    private final JwtUtil jwtUtil;

-    @PostMapping("/login")
+    @PostMapping("/auth/login")
    @ApiOperation(value = "管理员登陆")
    public Result<?> login(@RequestBody LoginDto request) {
        Admin admin = adminMapper.selectOne(new QueryWrapper<Admin>()