修改前
http.addFilterBefore(muiltpartFilter, ChannelProcessingFilter.class).addFilterBefore(cf, ChannelProcessingFilter.class).authorizeRequests().anyRequest().authenticated().and().authorizeRequests().antMatchers("/ping**").permitAll().and().formLogin().loginPage("/login").permitAll().and().logout().logoutUrl("/logout").logoutSuccessUrl("/login");修改后
http.addFilterBefore(muiltpartFilter, ChannelProcessingFilter.class).addFilterBefore(cf, ChannelProcessingFilter.class).authorizeRequests().antMatchers("/ping**").permitAll().and().formLogin().loginPage("/login").permitAll().and().authorizeRequests().anyRequest().authenticated().and().logout().logoutUrl("/logout").logoutSuccessUrl("/login");- permitAll() 顺序很重要,如同在XML 配置中,即把authorizeRequests().anyRequest().authenticate 放到最后