feat(security): implement JWT-based authentication and authorization

- Configured JWT token validation filter in security chain
- Added user role mapping with new t_user_role table and UserRole entity
- Implemented custom authentication entry point and access denied handler
- Updated UserDetailService to load user roles from database
- Added @PreAuthorize annotation support for method-level security
- Refactored build scripts to use java-library plugin and proper dependency scope
- Enhanced SQL schema with user role table and improved table comments
- Added global exception handler for AccessDeniedException
- Introduced ResponseCodeEnum constants for unauthorized and forbidden access
- Integrated TokenAuthenticationFilter into Spring Security filter chain
2025-11-29 15:19:35 +08:00
parent de52e2816c
commit 0a126eb520
17 changed files with 339 additions and 28 deletions


@@ -1,9 +1,11 @@
package com.hanserwei.web.controller;
import com.hanserwei.common.aspect.ApiOperationLog;
import com.hanserwei.common.utils.Response;
import com.hanserwei.web.model.User;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.validation.BindingResult;
import org.springframework.validation.FieldError;
import org.springframework.validation.annotation.Validated;
@@ -35,4 +37,12 @@ public class TestController {
return ResponseEntity.ok("参数没有任何问题");
}
@PostMapping("/admin/update")
@ApiOperationLog(description = "测试更新接口")
@PreAuthorize("hasRole('ROLE_ADMIN')")
public Response<?> testUpdate() {
log.info("更新成功...");
return Response.success();
}
}
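Review bot: On the new `testUpdate` handler, `@PreAuthorize("hasRole('ROLE_ADMIN')")` repeats the prefix that `hasRole` already applies by default; the conventional form is `@PreAuthorize("hasRole('ADMIN')")`, or `hasAuthority('ROLE_ADMIN')` when the exact authority string is meant. Either form only matches if the authorities built by the user-details service carry the `ROLE_` prefix, which this section does not show. The annotation is also the only access check visible for the `/admin/update` mapping, and it is silently skipped if method security is not enabled on the configuration. A URL-level rule for the admin paths in the security filter chain would make the endpoint fail closed in that case, and it is worth a test that a non-admin token receives the forbidden response. The `TestController` class declaration and any class-level mapping prefix lie outside the hunk.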