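This is the answer/solution that worked for me. Following this article (http://patrickgrimard.com/2014/01/03/spring-security-csrf-protection-in-a-backbone-single-page-app/), adding a `CSRFTokenGeneratorFilter extends OncePerRequestFilter` and wiring it into my security configuration allowed the parameters provided by my JavaScript to be used.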
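
```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.filter.OncePerRequestFilter;

public final class CSRFTokenGeneratorFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        // CsrfFilter stores the current token as the "_csrf" request attribute.
        CsrfToken token = (CsrfToken) request.getAttribute("_csrf");
        // Expose the header name, parameter name and token value to the client.
        response.setHeader("X-CSRF-HEADER", token.getHeaderName());
        response.setHeader("X-CSRF-PARAM", token.getParameterName());
        response.setHeader("X-CSRF-TOKEN", token.getToken());
        filterChain.doFilter(request, response);
    }
}
```

It is wired up as follows: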
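
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.web.csrf.CsrfFilter;

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Run after CsrfFilter so the "_csrf" request attribute is already set.
            .addFilterAfter(new CSRFTokenGeneratorFilter(), CsrfFilter.class)
            .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/login").permitAll();
            // .. (rest of the configuration is elided in the original)
    }
}
```

I'm not sure why the filter is needed, but I guess spring-boot / security doesn't use it by default.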
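
Added example, not part of the original answer or the linked article: the client-side half of this exchange, reading the three headers set by `CSRFTokenGeneratorFilter` and attaching the token only to same-origin, state-changing requests. The function names, the `https://app.example` origin and the sample header values are constructed for illustration.

```javascript
// Methods that Spring Security's CsrfFilter does not check by default.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Read the headers that CSRFTokenGeneratorFilter sets on every response.
// `headers` is anything with a get(name) method, such as a fetch Response's
// `headers` object. Returns null when the server sent no token.
function readCsrf(headers) {
  const headerName = headers.get("X-CSRF-HEADER");
  const paramName = headers.get("X-CSRF-PARAM");
  const token = headers.get("X-CSRF-TOKEN");
  if (!headerName || !token) return null;
  return { headerName, paramName, token };
}

// Return a copy of fetch-style options with the token attached.
// The token is added only when the request changes state AND the target is
// the page's own origin, so it is never sent to a third-party host.
function withCsrf(url, init, csrf, pageOrigin) {
  const method = (init.method || "GET").toUpperCase();
  const headers = { ...(init.headers || {}) };
  const sameOrigin = new URL(url, pageOrigin).origin === pageOrigin;
  if (csrf && sameOrigin && !SAFE_METHODS.has(method)) {
    headers[csrf.headerName] = csrf.token;
  }
  return { ...init, method, headers };
}

// Constructed sample of the response headers (a Map stands in for Headers).
// "X-CSRF-TOKEN" and "_csrf" are Spring Security's default names.
const SAMPLE_RESPONSE_HEADERS = new Map([
  ["X-CSRF-HEADER", "X-CSRF-TOKEN"],
  ["X-CSRF-PARAM", "_csrf"],
  ["X-CSRF-TOKEN", "constructed-token-123"],
]);
const PAGE_ORIGIN = "https://app.example"; // hypothetical origin

function demo() {
  const csrf = readCsrf(SAMPLE_RESPONSE_HEADERS);
  return {
    post: withCsrf("/api/items", { method: "post" }, csrf, PAGE_ORIGIN),
    get: withCsrf("/api/items", {}, csrf, PAGE_ORIGIN),
    cross: withCsrf("https://other.example/x", { method: "POST" }, csrf, PAGE_ORIGIN),
  };
}
```

In a browser, `pageOrigin` would be `window.location.origin`, and the result of `withCsrf` is passed as the second argument to `fetch`.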



