Spring Boot +安全性：无法提供静态页面：请求方法'GET'不支持

Question

使用具有Spring Security（安全性核心4.2.3）的Spring Boot 1.5.6构建Web应用程序。访问应用程序根目录时出现以下错误。理想情况下，根据文档，它应该在上下文根目录中提供索引页面，但会出现此错误。

2018-10-31 18:58:31.879 WARN 5536 --- [nio-8080-exec-1] o.s.web.servlet.PageNotFound : Request method 'GET' not supported 2018-10-31 18:58:31.880 WARN 5536 --- [nio-8080-exec-1] .w.s.m.s.DefaultHandlerExceptionResolver : Resolved exception caused by Handler execution: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported

安全配置在下面，

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.authorizeRequests().antMatchers("/token").permitAll();
    http.authorizeRequests().antMatchers("/").permitAll();
    http.authorizeRequests().antMatchers("/api/**").authenticated().and().exceptionHandling()
            .authenticationEntryPoint(entryPoint).and().authorizeRequests().antMatchers(HttpMethod.OPTIONS)
            .permitAll().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .addFilterAt(authenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
}

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("app/token");
    web.ignoring().antMatchers("/");
}

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<groupId>com.temp.am</groupId>
<artifactId>app</artifactId>
<version>1.0.0</version>
<!-- For deployment comment the JAR packaging, disable CORS at class -->
<packaging>war</packaging>
<!-- <packaging>jar</packaging> -->
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.6.RELEASE</version>
</parent>
<properties>
    <project.build.sourceEncoding>Cp1252</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
    <maven.compiler.target>1.8</maven.compiler.target>
    <maven.compiler.source>1.8</maven.compiler.source>
    <tomcat.version>8.0.15</tomcat.version>
</properties>
<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
            <executions>
                <execution>
                    <goals>
                        <goal>repackage</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <configuration>
                <source>1.8</source>
                <target>1.8</target>
                <compilerVersion>1.8</compilerVersion>
                <fork>true</fork>
            </configuration>
        </plugin>

    </plugins>
</build>
<dependencies>
    <dependency>
        <groupId>com.oracle</groupId>
        <artifactId>ojdbc6</artifactId>
        <version>11.2.0.3.0</version>
    </dependency>
    <dependency>
        <groupId>commons-lang</groupId>
        <artifactId>commons-lang</artifactId>
        <version>2.6</version>
    </dependency>
    <dependency>
        <groupId>commons-collections</groupId>
        <artifactId>commons-collections</artifactId>
    </dependency>

    <dependency>
        <groupId>commons-dbcp</groupId>
        <artifactId>commons-dbcp</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
        <scope>runtime</scope>
    </dependency>

    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-tomcat</artifactId>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-jdbc</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.6.0</version>
    </dependency>
</dependencies>

属性spring.mvc.view.prefix=WEB-INF/ spring.mvc.view.suffix=.html

根据doc，当我们在浏览器中到达应用程序根目录时，/ public或/ static或/ resource中的任何静态内容都应呈现。另外，我已经注意到，身份验证过滤器（扩展AbstractAuthenticationProcessingFilter的自定义过滤器）在春季被两次调用，第一个：VirtualFilterChain，第二个：ApplicationFilterChain。我不确定为什么将身份验证过滤器放在两个FilterChains中：originalFilter以及AdditionalFilters。我已经尽力阅读了stackoverflow的答案和Spring文档：多次阅读了文档，以查看是否缺少任何配置。