该问题与SEC-2382有关,可以通过更新到Spring
Security 3.2.0.RELEASE来解决。作为参考,您将需要更新SecurityConfig,如下所示:
@Configuration@EnableWebSecuritypublic class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private DataSource dataSource; @Autowired private UserDetailsService myCustomUserDetailsService; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .jdbcAuthentication() .dataSource(dataSource) .and() .userDetailsService(myCustomUserDetailsService); } @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/app/**").hasRole("ADMIN") .and() .formLogin() .loginPage("/index.jsp") .defaultSuccessUrl("/app/") .failureUrl("/index.jsp") .permitAll() .and() .logout() .logoutSuccessUrl("/index.jsp"); }}
