package com.onekeycall.videotablet.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity public class SecurityConfig { private final UserDetailsService userDetailsService; @Autowired public SecurityConfig(UserDetailsService userDetailsService) { this.userDetailsService = userDetailsService; } @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http.csrf(csrf -> csrf.disable()) .authorizeHttpRequests(auth -> auth .requestMatchers("/ws/**").permitAll() .requestMatchers("/api/ws/**", "/topic/**").permitAll() .requestMatchers("/public/**").permitAll() .requestMatchers("/sn/**").permitAll() .requestMatchers("/user/**").permitAll() .requestMatchers("/rtc/**").permitAll() .requestMatchers("/admin/**").hasRole("ADMIN") // .requestMatchers("/user/**").hasAnyRole("USER", "ADMIN") .requestMatchers("/user/**").permitAll() .anyRequest().authenticated() ); return http.build(); } // 添加AuthenticationManager bean定义 @Bean public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception { return authConfig.getAuthenticationManager(); } }