Spring Security使用PUT方法

Question

我正在尝试使用休息控制器将商品添加到购物车。当发送PUT到localhost：8080 / rest / cart / add / P1234以更新带有新项目的购物车时，我一直收到404错误。 没有找到解决此问题的任何内容。
当使用Postman时，我刚刚获得了一个登录重定向，这就是让我想到考虑安全性的想法...在禁用所有安全组件后，代码可以工作。
有人能指出我做错了什么来解决这个问题吗？

我正在使用Spring Boot，我的WebSecurityConfig.java如下：

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, proxyTargetClass = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService customUserDetailsService;

    @Autowired
    private DataSource dataSource;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(customUserDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .headers()
                .frameOptions().sameOrigin()
                .and()
                .authorizeRequests()
                .antMatchers("/js/**", "/css/**", "/images/**").permitAll()
                .antMatchers("/").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/home")
                .failureUrl("/login?error")
                .permitAll()
                .and()
                .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/login?logout")
                .deleteCookies("my-remember-me-cookie")
                .permitAll()
                .and()
                .exceptionHandling()
                .accessDeniedPage("/403")
        ;
    }
}

控制器：

@RestController
@RequestMapping("rest/cart")
public class CartRestController {
    private static Log log = LogFactory.getLog(ProductController.class);
    @Autowired
    private CartService cartService;
...
@PutMapping("/add/{productId}")
    @ResponseStatus(value = HttpStatus.OK)
    public void addItem(@PathVariable("productId") String productId, HttpSession session) {
        log.info(">> received add request for " + productId);
        cartService.addItem(session.getId(), productId);
    }
}

controllers.js

var cartApp = angular.module('cartApp', []);

cartApp.controller('cartCtrl', function($scope, $http) {



    $scope.addToCart = function(productId) {
        console.log("adding to Cart: " + productId);
        $http.put('/rest/cart/add/' + productId)
            .success(function(data) {
                alert("Product Successfully added to the Cart!");
            });
    };

});

最后，html使用thymeleaf：

<a href="#" class="btn btn-warning btn-large"  th:attr="ng-click='addToCart(\'' + ${product.productId}+ '\')'">
                        <span class="glyphicon-shopping-cart glyphicon"></span> [[#{button.orderNow}]]
                    </a>