1. 引入相关依赖

在 build.gradle.kts 文件中添加 Spring Security 依赖：

dependencies {
    implementation("org.springframework.boot:spring-boot-starter-security")
}

2. 编写配置类

创建一个配置类，例如 SecurityConfig.kt：

package com.example.demo

import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.provisioning.InMemoryUserDetailsManager

@Configuration
@EnableWebSecurity
class SecurityConfig : WebSecurityConfigurerAdapter() {

    @Bean
    override fun userDetailsService(): UserDetailsService {
        val user: UserDetails =
            User.withDefaultPasswordEncoder()
               .username("user")
               .password("password")
               .roles("USER")
               .build()

        return InMemoryUserDetailsManager(user)
    }

    override fun configure(http: HttpSecurity) {
        http
           .httpBasic()
           .and()
           .authorizeRequests()
               .antMatchers(HttpMethod.GET, "/public/**").permitAll()
               .anyRequest().authenticated()
               .and()
           .sessionManagement()
               .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    }
}

上述配置类做了以下几件事：

• userDetailsService 方法定义了一个内存中的用户信息，包含用户名、密码和角色。
• configure 方法配置了 HTTP Basic 认证，允许所有对 /public/** 的 GET 请求，其他请求需要认证。同时设置会话管理为无状态。