Question

我编写了以下Spring安全配置：

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final AdminUserDetailsService userService;

    @Autowired
    public SecurityConfig(AdminUserDetailsService userService) {
        this.userService = userService;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(10);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf()
                .disable();

        http
                .authorizeRequests().
                antMatchers("/docs").hasAuthority("ADMIN")
                .antMatchers("/", "/**").permitAll();

        http
                .formLogin()
                .permitAll()
                .and()
                .logout()
                .logoutSuccessUrl("/");

        http
                .httpBasic();

    }

}

当我从浏览器访问localhost：8080 / docs页面时，它按预期显示了登录页面。但是当我登录时，什么都没有发生。

我在控制台上得到以下堆栈跟踪：

    30-08-2019 00:18:07.376 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
30-08-2019 00:18:07.378 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
30-08-2019 00:18:07.379 DEBUG 10930 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
30-08-2019 00:18:07.379 DEBUG 10930 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@4edbddf8. A new one will be created.
30-08-2019 00:18:07.382 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 4 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/docs'; against '/logout'
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /docs' doesn't match 'POST /logout'
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /docs' doesn't match 'PUT /logout'
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /docs' doesn't match 'DELETE /logout'
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : No matches found
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 5 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /docs' doesn't match 'POST /login'
30-08-2019 00:18:07.384 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 6 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
30-08-2019 00:18:07.385 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
30-08-2019 00:18:07.385 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/docs'; against '/logout'
30-08-2019 00:18:07.385 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 8 of 14 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
30-08-2019 00:18:07.385 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
30-08-2019 00:18:07.385 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : pathInfo: both null (property equals)
30-08-2019 00:18:07.385 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : queryString: both null (property equals)
30-08-2019 00:18:07.385 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : requestURI: arg1=/docs; arg2=/docs (property equals)
30-08-2019 00:18:07.385 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : serverPort: arg1=8080; arg2=8080 (property equals)
30-08-2019 00:18:07.386 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : requestURL: arg1=http://localhost:8080/docs; arg2=http://localhost:8080/docs (property equals)
30-08-2019 00:18:07.386 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : scheme: arg1=http; arg2=http (property equals)
30-08-2019 00:18:07.386 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : serverName: arg1=localhost; arg2=localhost (property equals)
30-08-2019 00:18:07.386 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : contextPath: arg1=; arg2= (property equals)
30-08-2019 00:18:07.386 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : servletPath: arg1=/docs; arg2=/docs (property equals)
30-08-2019 00:18:07.386 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache        : Removing DefaultSavedRequest from session if present
30-08-2019 00:18:07.388 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
30-08-2019 00:18:07.389 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
30-08-2019 00:18:07.391 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@f62628b2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 70CE06C563826C2FBEC5AD15881543D3; Granted Authorities: ROLE_ANONYMOUS'
30-08-2019 00:18:07.391 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
30-08-2019 00:18:07.391 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
30-08-2019 00:18:07.391 DEBUG 10930 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /docs at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
30-08-2019 00:18:07.392 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/docs'; against '/docs'
30-08-2019 00:18:07.392 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /docs; Attributes: [hasAuthority('ADMIN')]
30-08-2019 00:18:07.392 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@f62628b2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 70CE06C563826C2FBEC5AD15881543D3; Granted Authorities: ROLE_ANONYMOUS
30-08-2019 00:18:07.398 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4cf08edb, returned: -1
30-08-2019 00:18:07.404 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:52) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:206) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.22.jar:9.0.22]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.22.jar:9.0.22]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.22.jar:9.0.22]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.22.jar:9.0.22]
...
...

30-08-2019 00:18:07.410 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.*']]
30-08-2019 00:18:07.410 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/docs'; against '/**/favicon.*'
30-08-2019 00:18:07.410 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher  : matches = true
30-08-2019 00:18:07.410 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@6f5aede9, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : httpRequestMediaTypes=[text/html, application/xhtml+xml, image/webp, image/apng, application/signed-exchange;v=b3, application/xml;q=0.9, */*;q=0.8]
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing text/html
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : application/json .isCompatibleWith text/html = false
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing application/xhtml+xml
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : application/json .isCompatibleWith application/xhtml+xml = false
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing image/webp
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : application/json .isCompatibleWith image/webp = false
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing image/apng
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : application/json .isCompatibleWith image/apng = false
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing application/signed-exchange;v=b3
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : application/json .isCompatibleWith application/signed-exchange;v=b3 = false
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing application/xml;q=0.9
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : application/json .isCompatibleWith application/xml;q=0.9 = false
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing */*;q=0.8
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : Ignoring
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : Did not match any media types
30-08-2019 00:18:07.412 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher  : matches = true
30-08-2019 00:18:07.413 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
30-08-2019 00:18:07.413 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher  : matches = true
30-08-2019 00:18:07.413 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher   : All requestMatchers returned true
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache        : DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/docs]
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Calling Authentication entry point.
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@6f5aede9, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher  : matches = true
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@6f5aede9, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : httpRequestMediaTypes=[text/html, application/xhtml+xml, image/webp, image/apng, application/signed-exchange;v=b3, application/xml;q=0.9, */*;q=0.8]
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing text/html
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : application/xhtml+xml .isCompatibleWith text/html = false
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : image/* .isCompatibleWith text/html = false
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher      : text/html .isCompatibleWith text/html = true
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher   : All requestMatchers returned true
30-08-2019 00:18:07.414 DEBUG 10930 --- [nio-8080-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@5149f16c
30-08-2019 00:18:07.415 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.web.DefaultRedirectStrategy        : Redirecting to 'http://localhost:8080/login'
30-08-2019 00:18:07.416 DEBUG 10930 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@33e3de77
30-08-2019 00:18:07.416 DEBUG 10930 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
30-08-2019 00:18:07.417 DEBUG 10930 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
30-08-2019 00:18:07.436 DEBUG 10930 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : /login at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : /login at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@4edbddf8. A new one will be created.
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : /login at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : /login at position 4 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/logout'
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'POST /logout'
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'PUT /logout'
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'DELETE /logout'
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher  : No matches found
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : /login at position 5 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'POST /login'
30-08-2019 00:18:07.437 DEBUG 10930 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : /login at position 6 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
30-08-2019 00:18:07.440 DEBUG 10930 --- [nio-8080-exec-2] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@33e3de77
30-08-2019 00:18:07.440 DEBUG 10930 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
30-08-2019 00:18:07.440 DEBUG 10930 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

你们能指出我在这种情况下做错了什么吗？在使用几乎相同的配置之前，我已经实现了两次表单登录，并且没有这个问题。

使用最新版本的Spring Boot Starter Parent（2.1.7.RELEASE）+安全启动程序。

Spring Security未对用户进行身份验证，说SecurityContext为空或内容为匿名-上下文将不会存储在HttpSession中

0 个答案: