fix: 修复网关启动找不到服务的问题，修复jwt问题，修复自动导入失败问题。

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/config/SecurityConfiguration.java

@@ -1,5 +1,7 @@
 package cn.meowrain.aioj.backend.auth.config;
 
+import cn.meowrain.aioj.backend.auth.filter.JwtAuthenticationFilter;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -10,11 +12,15 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 @Configuration
 @EnableWebSecurity
+@RequiredArgsConstructor
 public class SecurityConfiguration {
 
+	private final JwtAuthenticationFilter jwtAuthenticationFilter;
+
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http.csrf(csrf -> csrf.disable())
@@ -24,7 +30,8 @@ public class SecurityConfiguration {
 						"/v3/api-docs/**", "/favicon.ico")
 				.permitAll()
 				.anyRequest()
-				.authenticated());
+				.authenticated())
+			.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 		return http.build();
 	}
 

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/filter/JwtAuthenticationFilter.java

@@ -1,11 +1,106 @@
 package cn.meowrain.aioj.backend.auth.filter;
 
+import cn.meowrain.aioj.backend.auth.service.AuthService;
+import cn.meowrain.aioj.backend.auth.utils.JwtUtil;
+import io.jsonwebtoken.Claims;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
 
 /**
- * JWT拦截器
+ * JWT认证过滤器
+ * 拦截所有请求，验证JWT Token
  */
 @Component
-public class JwtAuthenticationFilter {
+@RequiredArgsConstructor
+@Slf4j
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
+    private final JwtUtil jwtUtil;
+    private final AuthService authService;
+
+    private static final String TOKEN_PREFIX = "Bearer ";
+    private static final String HEADER_NAME = "Authorization";
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+
+        try {
+            String token = extractTokenFromRequest(request);
+
+            if (StringUtils.hasText(token) && jwtUtil.isTokenValid(token)) {
+                Claims claims = jwtUtil.parseClaims(token);
+                Authentication authentication = createAuthentication(claims);
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+
+                log.debug("JWT Authentication successful for user: {}", claims.getSubject());
+            } else {
+                log.debug("No valid JWT token found in request");
+            }
+        } catch (Exception e) {
+            log.error("JWT Authentication failed", e);
+            SecurityContextHolder.clearContext();
+        }
+
+        filterChain.doFilter(request, response);
+    }
+
+    /**
+     * 从请求中提取JWT Token
+     */
+    private String extractTokenFromRequest(HttpServletRequest request) {
+        String bearerToken = request.getHeader(HEADER_NAME);
+        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(TOKEN_PREFIX)) {
+            return bearerToken.substring(TOKEN_PREFIX.length());
+        }
+        return null;
+    }
+
+    /**
+     * 根据JWT Claims创建Authentication对象
+     */
+    private Authentication createAuthentication(Claims claims) {
+        String userId = claims.getSubject();
+        String userName = claims.get("userName", String.class);
+        String role = claims.get("role", String.class);
+
+        // 创建权限列表
+        List<SimpleGrantedAuthority> authorities = Collections.singletonList(
+            new SimpleGrantedAuthority("ROLE_" + (role != null ? role : "USER"))
+        );
+
+        // 创建认证对象
+        UsernamePasswordAuthenticationToken authentication =
+            new UsernamePasswordAuthenticationToken(userId, null, authorities);
+
+        return authentication;
+    }
+
+    @Override
+    protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
+        String path = request.getRequestURI();
+        // 跳过不需要JWT验证的路径
+        return path.startsWith("/v1/auth/") ||
+               path.startsWith("/doc.html") ||
+               path.startsWith("/swagger-ui/") ||
+               path.startsWith("/swagger-resources/") ||
+               path.startsWith("/webjars/") ||
+               path.startsWith("/v3/api-docs/") ||
+               path.equals("/favicon.ico");
+    }
 }