修改前
http
.addFilterBefore(muiltpartFilter, ChannelProcessingFilter.class)
.addFilterBefore(cf, ChannelProcessingFilter.class)
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.authorizeRequests()
.antMatchers("/ping**")
.permitAll()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login");
修改后
http
.addFilterBefore(muiltpartFilter, ChannelProcessingFilter.class)
.addFilterBefore(cf, ChannelProcessingFilter.class)
.authorizeRequests()
.antMatchers("/ping**")
.permitAll()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login");
- permitAll() 顺序很重要,如同在 XML 配置中,即把 authorizeRequests().anyRequest().authenticate 放到最后