feat: 实现基于JSON的登录API和安全认证

refactor: 重构登录逻辑和会话管理 fix: 修复会话ID类型和WebSocket连接问题 build: 更新项目版本号和添加Servlet API依赖 style: 清理无用导入和注释代码
2025-09-08 17:46:48 +08:00
parent 3b90db0450
commit 23e1f98ae5
17 changed files with 477 additions and 223 deletions
--- a/server/src/main/java/com/ecep/contract/config/SecurityConfig.java
+++ b/server/src/main/java/com/ecep/contract/config/SecurityConfig.java
@@ -51,8 +51,8 @@ public class SecurityConfig {
        http
                .authorizeHttpRequests(authorize -> authorize
                        .requestMatchers("/login.html", "/css/**", "/js/**", "/images/**", "/webjars/**", "/login",
-                                "/error")
-                        .permitAll() // 允许静态资源、登录页面和错误页面访问
+                                "/error", "/api/login")
+                        .permitAll() // 允许静态资源、登录页面、错误页面和JSON登录API访问
                        .anyRequest().authenticated() // 其他所有请求需要认证
                )
                .csrf(AbstractHttpConfigurer::disable) // 禁用CSRF保护，适合开发环境