Java: Correctly configuring two separate login forms in one application with Spring Security (Java, Spring MVC, Spring Security) - Fatal编程技术网


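My web application has two different kinds of users: client and translator. I created two different HttpSecurity configurations for this. I have a superclass for both configurations: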

@Configuration
@ComponentScan(basePackages = {"ua.translate"})
public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    CustomSuccessHandler customSuccessHandler;

    @Autowired
    @Qualifier("customAccessDeniedHandler")
    AccessDeniedHandler accessDeniedHandler;

    @Autowired
    DataSource dataSource;

    @Autowired
    PersistentTokenRepository tokenRepository;

    @Override
    public void configure(WebSecurity web){
        web 
            .ignoring()
            .antMatchers(new String[]{"/resources/**"});
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth,@Qualifier("detailsService") UserDetailsService uds) throws Exception{
        auth.userDetailsService(uds)
            .passwordEncoder(bcryptEncoder());

    }

    @Bean
    public PasswordEncoder bcryptEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Autowired
    @Bean
    public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices(@Qualifier("detailsService") UserDetailsService uds) {
        PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
                "remember-me", uds, tokenRepository);
        return tokenBasedservice;
    }


    @Bean
    public SavedRequestAwareAuthenticationSuccessHandler 
                savedRequestAwareAuthenticationSuccessHandler() {

               SavedRequestAwareAuthenticationSuccessHandler auth 
                    = new SavedRequestAwareAuthenticationSuccessHandler();
        auth.setTargetUrlParameter("targetUrl");
        return auth;
    }   


}
There are two different configurations for the different users:

@Configuration
@EnableWebSecurity
public class AppSecurityConfigGlobal{


    @Configuration
    @Order(1)
    public static class AppSecurityConfigTranslator extends AppSecurityConfig{

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .antMatcher("/translator/**")
                    .authorizeRequests()
                    .antMatchers("/translator/registration*","/bulbular*").anonymous()
                    .antMatchers("/translator/index","/translator/login*").permitAll()
                    .antMatchers("/translator/**").hasRole("TRANSLATOR")
                    .anyRequest().authenticated()
                .and()
                    .formLogin()
                    .loginPage("/translator/login")
                    .permitAll()
                    .successHandler(customSuccessHandler)
                    .failureUrl("/translator/login?error")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .loginProcessingUrl("/j_spring_security_check")
                .and()
                        .logout().deleteCookies("JSESSIONID")
                                .logoutUrl("/translator/logout")
                                .logoutSuccessUrl("/translator/login?logout")
                .and()
                    .rememberMe().tokenRepository(tokenRepository)
                    .tokenValiditySeconds(86400)
                .and()
                    .csrf()
                .and()
                    .exceptionHandling()
                    .accessDeniedHandler(accessDeniedHandler);

        }
    }

    @Configuration
    @Order(2)
    public static class AppSecurityConfigClient extends AppSecurityConfig{
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http    
                    .authorizeRequests()
                    .antMatchers("/client/registration*","/bulbular*").anonymous()
                    .antMatchers("/client/**").hasRole("CLIENT")
                    .antMatchers("/admin/**").hasRole("ADMIN")
                    .antMatchers("/index","/translators","/orders","/client/login*").permitAll()
                .and()
                    .formLogin()
                    .loginPage("/client/login")
                    .permitAll()
                    .successHandler(customSuccessHandler)
                    .failureUrl("/client/login?error")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .loginProcessingUrl("/j_spring_security_check")
                .and()
                        .logout().deleteCookies("JSESSIONID")
                                .logoutUrl("/client/logout")
                                .logoutSuccessUrl("/client/login?logout")
                .and()
                    .rememberMe().tokenRepository(tokenRepository)
                    .tokenValiditySeconds(86400)
                .and()
                    .csrf()
                .and()
                    .exceptionHandling()
                    .accessDeniedHandler(accessDeniedHandler);
        }
    }
}
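My problem is that when a user with ROLE_CLIENT logs out, he is redirected to ../client/login, and the message about a successful logout is not shown.

But when a user with ROLE_TRANSLATOR logs out, he is redirected to ../translator/login?logout and the message is shown, so there is no problem.


I don't understand the cause of this problem, please help me )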

I found the cause of this problem! In the client configuration I had:

.antMatchers("/client/registration*","/bulbular*").anonymous()
.antMatchers("/client/**").hasRole("CLIENT")
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/index","/translators","/orders","/client/login*").permitAll()

But one rule for the order of antMatchers(..) in the configuration is: the most restrictive antMatchers must come last.

I changed the order:

.antMatchers("/client/registration*","/bulbular*").anonymous()
.antMatchers("/index","/translators","/orders","/client/login*").permitAll()
.antMatchers("/client/**").hasRole("CLIENT")
.antMatchers("/admin/**").hasRole("ADMIN")

Problem solved! )
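
The ordering effect described in this answer, as an added example that is not part of the original post: Spring Security checks authorizeRequests() matchers in declaration order and applies the first pattern that matches the request path (the query string is not part of the match). The class MatcherOrderDemo and its helpers are hypothetical, the sample paths are constructed, and spring-core is assumed on the classpath for AntPathMatcher.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.util.AntPathMatcher;

// Added illustration (hypothetical class): models first-match-wins rule selection.
public class MatcherOrderDemo {
    private static final AntPathMatcher ANT = new AntPathMatcher();

    // Build an ordered pattern -> access rule table from alternating arguments.
    static Map<String, String> rules(String... pairs) {
        Map<String, String> m = new LinkedHashMap<>();
        for (int i = 0; i < pairs.length; i += 2) {
            m.put(pairs[i], pairs[i + 1]);
        }
        return m;
    }

    // Return the access rule of the first pattern that matches the path.
    static String firstMatch(Map<String, String> rules, String path) {
        for (Map.Entry<String, String> e : rules.entrySet()) {
            if (ANT.match(e.getKey(), path)) return e.getValue();
        }
        return "no rule matched";
    }

    public static void main(String[] args) {
        // Order from the question: the broad /client/** rule precedes the login rule.
        Map<String, String> before = rules(
            "/client/registration*", "anonymous",
            "/client/**", "hasRole(CLIENT)",
            "/admin/**", "hasRole(ADMIN)",
            "/client/login*", "permitAll");
        // Order from the answer: the specific login rule precedes /client/**.
        Map<String, String> after = rules(
            "/client/registration*", "anonymous",
            "/client/login*", "permitAll",
            "/client/**", "hasRole(CLIENT)",
            "/admin/**", "hasRole(ADMIN)");
        // Constructed sample paths; "/client/login?logout" is matched as "/client/login".
        for (String path : new String[]{"/client/login", "/client/profile", "/admin/users"}) {
            System.out.printf("%-16s before=%-16s after=%s%n",
                path, firstMatch(before, path), firstMatch(after, path));
        }
    }
}
```

With the original order, the post-logout request for /client/login resolves to the hasRole rule, so the permitAll entry below it is never reached.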