Java Spring WebSecurityConfigureAdapter登录在工作前失败几次

我在SpringSecurity4.1.3中扩展了

WebSecurity配置适配器

，用于登录我的网站。这是我的配置方法

@Override
protected void configure(HttpSecurity http) throws Exception {
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setDefaultTargetUrl("/index");
    http
        .authorizeRequests()
            .antMatchers("/register", "/registerattempt", "/registeractivate").permitAll()
            .antMatchers("/assets/**", "/images/**", "/favicon**", "/min/**").permitAll()
            .anyRequest().hasRole("USER")
            .and()
        .formLogin()
            .loginPage("/login")
            .failureUrl("/login?error")
            .permitAll()
            .successHandler(successHandler)
            .and()
        .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true)
            .logoutSuccessUrl("/login")
            .and()
        .exceptionHandling()
            .accessDeniedHandler(new CustomAccessDeniedHandler());
}

我的表单使用一个thymeleaf动作来像这样发布

<form id="loginform" role="form" th:action="@{/login}"
                      method="post">

当它工作时

Location:http://localhost:8090/login

当它不起作用时

更新 调试日志非常详细，但我在失败时的日志中看到了这一点，而在工作时却没有

13 Jan 2017 20:20:58.923 [http-nio-8090-exec-8] DEBUG org.springframework.security.web.csrf.CsrfFilter - Invalid CSRF token found for http://localhost:8090/login

13 Jan 2017 20:25:44.244 [http-nio-8090-exec-5] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
13 Jan 2017 20:25:44.244 [http-nio-8090-exec-5] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper$HttpSessionWrapper@3e3a840e. A new one will be created.
13 Jan 2017 20:25:44.244 [http-nio-8090-exec-5] DEBUG org.springframework.security.web.FilterChainProxy - /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
13 Jan 2017 20:25:44.244 [http-nio-8090-exec-5] DEBUG org.springframework.security.web.FilterChainProxy - /login at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
13 Jan 2017 20:25:44.244 [http-nio-8090-exec-5] DEBUG org.springframework.security.web.FilterChainProxy - /login at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'

这里有一段失败的摘录

13 Jan 2017 20:20:58.923 [http-nio-8090-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
13 Jan 2017 20:20:58.923 [http-nio-8090-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
13 Jan 2017 20:20:58.923 [http-nio-8090-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
13 Jan 2017 20:20:58.923 [http-nio-8090-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /login at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
13 Jan 2017 20:20:58.923 [http-nio-8090-exec-8] DEBUG org.springframework.security.web.csrf.CsrfFilter - Invalid CSRF token found for http://localhost:8090/login
13 Jan 2017 20:20:58.923 [http-nio-8090-exec-8] DEBUG org.springframework.security.web.header.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@1f8411e9
13 Jan 2017 20:20:58.923 [http-nio-8090-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
13 Jan 2017 20:20:58.931 [http-nio-8090-exec-8] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

当它起作用的时候

13 Jan 2017 20:20:58.923 [http-nio-8090-exec-8] DEBUG org.springframework.security.web.csrf.CsrfFilter - Invalid CSRF token found for http://localhost:8090/login

13 Jan 2017 20:25:44.244 [http-nio-8090-exec-5] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
13 Jan 2017 20:25:44.244 [http-nio-8090-exec-5] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper$HttpSessionWrapper@3e3a840e. A new one will be created.
13 Jan 2017 20:25:44.244 [http-nio-8090-exec-5] DEBUG org.springframework.security.web.FilterChainProxy - /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
13 Jan 2017 20:25:44.244 [http-nio-8090-exec-5] DEBUG org.springframework.security.web.FilterChainProxy - /login at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
13 Jan 2017 20:25:44.244 [http-nio-8090-exec-5] DEBUG org.springframework.security.web.FilterChainProxy - /login at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'

---

尝试将登录处理url添加到http（HttpSecurity）实例：

.loginProcessingUrl("/login")

---

在进行更改后，我在浏览器或服务器日志中没有看到任何不同。我应该寻找什么？尝试删除successHandler.setDefaultTargetUrl（“/index”）；当我删除successHandler对象并改用defaultSuccessUrl（“/index”）时，仍然会发生这种情况