@EnableWebSecurity
public class SecurityConfig {
@Autowired
private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
/**
 * Exposes the application's {@link PasswordEncoder} as a Spring bean.
 *
 * <p>The encoder is a {@link BCryptPasswordEncoder} created with its no-argument
 * constructor. No explicit strength is passed, so the library's default cost applies.
 * Raise it deliberately if the deployment's hardware budget allows.
 *
 * @return a new BCrypt-based password encoder
 */
@Bean
public PasswordEncoder passwordEncoder() {
    PasswordEncoder bcrypt = new BCryptPasswordEncoder();
    return bcrypt;
}
/**
 * Builds the HTTP security filter chain for a stateless, token-authenticated API.
 *
 * <p>Configuration applied, in order: CSRF protection is disabled, the session policy
 * is set to {@link SessionCreationPolicy#STATELESS}, URL authorization rules are
 * registered, and {@code jwtAuthenticationTokenFilter} is placed before
 * {@link UsernamePasswordAuthenticationFilter}.
 *
 * @param http the builder supplied by Spring Security
 * @return the built filter chain
 * @throws Exception if the builder rejects the configuration
 */
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    // Disable CSRF protection.
    // NOTE(review): this is only sound while the token is sent explicitly by the client
    // (presumably in a request header) and never as a browser-attached cookie.
    // Confirm against JwtAuthenticationTokenFilter.
    http.csrf().disable();

    // Do not obtain the SecurityContext from the HTTP session, so every request has to
    // authenticate on its own.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Rules are evaluated in declaration order, so the specific paths come before the
    // catch-all.
    http.authorizeRequests()
            // Login endpoint: anonymous callers only (a caller that already carries a
            // token is refused).
            .antMatchers("/user/login").anonymous()
            // This endpoint is let through for everyone, authenticated or not.
            .antMatchers("/user/hello").permitAll()
            // Every request not matched above requires authentication.
            .anyRequest().authenticated();

    // Run the JWT filter ahead of the username/password filter.
    // NOTE(review): the filter also sits in front of the two open paths above. Confirm
    // that it passes token-less requests through rather than rejecting them.
    http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);

    return http.build();
}
}```