fix(后端): 完善 JWT 过滤器和 SecurityConfig 配置

lesingle-edu-reading-platform-backend/src/main/java/com/lesingle/edu/common/config/SecurityConfig.java

@@ -1,6 +1,5 @@
 package com.lesingle.edu.common.config;
 
-import com.lesingle.edu.common.filter.TraceIdFilter;
 import com.lesingle.edu.common.security.JwtAuthenticationFilter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
@@ -31,7 +30,7 @@ import java.util.List;
 @RequiredArgsConstructor
 public class SecurityConfig {
 
-    private final TraceIdFilter traceIdFilter;
+    private final JwtAuthenticationFilter jwtAuthenticationFilter;
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@@ -53,7 +52,8 @@ public class SecurityConfig {
                         // All other requests require authentication
                         .anyRequest().authenticated()
                 )
-                .addFilterBefore(traceIdFilter, UsernamePasswordAuthenticationFilter.class);
+                // 添加 JWT 过滤器到 UsernamePasswordAuthenticationFilter 之前
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 
         return http.build();
     }

lesingle-edu-reading-platform-backend/src/main/java/com/lesingle/edu/common/security/JwtAuthenticationFilter.java

@@ -18,8 +18,6 @@ import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -39,7 +37,6 @@ import java.util.Map;
 @Slf4j
 @Component
 @RequiredArgsConstructor
-@Order(Ordered.HIGHEST_PRECEDENCE + 10)  // 在 TraceIdFilter 之后执行
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
     private final JwtTokenProvider jwtTokenProvider;
@@ -52,13 +49,17 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                     FilterChain filterChain) throws ServletException, IOException {
+        log.debug("JwtAuthenticationFilter doFilterInternal called for: {}", request.getRequestURI());
         try {
             String token = resolveToken(request);
+            log.debug("Token extracted: {}", token != null ? "present" : "null");
             if (StringUtils.hasText(token)) {
+                log.debug("Token validation starting...");
                 // 验证 token 并获取错误原因
                 String tokenErrorReason = jwtTokenProvider.validateTokenWithReason(token);
                 if (tokenErrorReason != null) {
                     // token 无效，返回 401 错误
+                    log.debug("Token validation failed: {}", tokenErrorReason);
                     sendError(response, HttpStatus.UNAUTHORIZED, getErrorMessage(tokenErrorReason));
                     return;
                 }