带有REST体系结构的Spring Security

尝试这样的事情：

You should try this, may be it will help you:@Configuration@EnableWebSecurity@Profile("container")public class SOAPSecurityConfig extends WebSecurityConfigurerAdapter {@Autowiredprivate AuthenticationProvider authenticationProvider;@Autowiredprivate AuthenticationProvider authenticationProviderDB;@Override@Order(1)protected void configure(AuthenticationManagerBuilder auth) throws Exception {    auth.authenticationProvider(authenticationProvider);}@Order(2)protected void ConfigureGlobal(AuthenticationManagerBuilder auth) throws Exception {    auth.authenticationProvider(authenticationProviderDB);}@Override  public void configure(WebSecurity web) throws Exception {    web      .ignoring()         .antMatchers("/scripts/**","/styles/**","/images/**","/error/**");  }@Overridepublic void configure(HttpSecurity http) throws Exception {    http .authorizeRequests() .antMatchers("/rest/**").authenticated() .antMatchers("/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .successHandler(new AuthenticationSuccessHandler() {     @Override     public void onAuthenticationSuccess(  HttpServletRequest request,  HttpServletResponse response,  Authentication a) throws IOException, ServletException {      //To change body of generated methods,      response.setStatus(HttpServletResponse.SC_OK);  } }) .failureHandler(new AuthenticationFailureHandler() {     @Override     public void onAuthenticationFailure(  HttpServletRequest request,  HttpServletResponse response,  AuthenticationException ae) throws IOException, ServletException {      response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);  } }) .loginProcessingUrl("/access/login") .and() .logout() .logoutUrl("/access/logout")      .logoutSuccessHandler(new LogoutSuccessHandler() {     @Override     public void onLogoutSuccess(  HttpServletRequest request,   HttpServletResponse response,   Authentication a) throws IOException, ServletException {         response.setStatus(HttpServletResponse.SC_NO_CONTENT);     } }) .invalidateHttpSession(true) .and() .exceptionHandling() .authenticationEntryPoint(new Http403ForbiddenEntryPoint()) .and() .csrf()//Disabled CSRF protection .disable();    }}