莫扎特_Mozart 2016-08-11 05:40 采纳率: 0%

Spring Security 4.0:重启服务后,POST 请求提示无权限(403)

这个问题困扰我好久了。项目采用 Spring MVC 框架,配置了 Spring 4.2.5 + Spring Security 4.0(集成了 CAS)。服务启动之后,如果访问服务的第一个请求是 POST 请求,就会返回 403 错误并跳转到指定的无权限页面;GET 请求则可以正常访问。举个例子:我打开一个查询页面,按照查询条件查询了一些数据(这相当于做了一次 POST 请求),然后关闭服务再重启。重启之后,我在刚才的查询页面按 F5 刷新(浏览器会重新提交这次 POST 请求),就跳转到了 403 页面;如果在浏览器地址栏中敲回车(发出的是 GET 请求),则能访问到查询页面。求大神帮忙解决。

applicationContext-security-cas.xml代码如下:

 <?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans  
       http://www.springframework.org/schema/beans/spring-beans.xsd  
       http://www.springframework.org/schema/context  
       http://www.springframework.org/schema/context/spring-context.xsd  
       http://www.springframework.org/schema/security  
       http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <!-- URL access rules for the web tier; adjust them to your own deployment.
         Unauthenticated requests are sent to the CAS entry point
         (entry-point-ref="casProcessingFilterEntryPoint").
         Security note: the Spring Security 4.0 XML namespace enables CSRF protection
         by default, and no <sec:csrf> element appears in this block, so POST requests
         need a valid _csrf token bound to the current session. A POST replayed after
         the session is gone (for example a form resubmitted with F5 after a server
         restart) is then rejected with 403, while a GET passes the CSRF check. This is
         likely the symptom described on this page (confirm in the debug log). The usual
         remedy is to send the token with every form and AJAX POST and to map the
         missing or invalid token case to a re-login page through an access-denied
         handler, not to switch CSRF protection off. -->
    <sec:http auto-config="true" use-expressions="true"
        disable-url-rewriting="true" entry-point-ref="casProcessingFilterEntryPoint">
        <!-- Anonymous authentication is disabled. -->
        <sec:anonymous enabled="false" />
        <!-- Only paths ending in .jsp, .do, .html or .htm are given an access rule here.
             NOTE(review): paths that match none of these patterns have no rule in this
             block; confirm that is intended, or add a catch-all rule as the last entry. -->
        <sec:intercept-url pattern="/**/*.jsp" access="isAuthenticated()" /> 
        <sec:intercept-url pattern="/**/*.do" access="isAuthenticated()" />
        <sec:intercept-url pattern="/**/*.html" access="isAuthenticated()" />
        <sec:intercept-url pattern="/**/*.htm" access="isAuthenticated()" />
        <!-- CAS ticket processing, placed at the CAS_FILTER position. -->
        <sec:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter" />
        <!-- After a local logout, redirect to the CAS server's logout URL. -->
        <sec:logout logout-success-url="${cas-server-url}/logout?service=${cas-service-url}" />
        <!-- requestSingleLogoutFilter runs before the standard logout filter;
             singleLogoutFilter runs before the CAS filter. -->
        <sec:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
        <sec:custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
        <!-- NOTE(review): invalid-session-url is an empty string; confirm this is intended. -->
        <sec:session-management invalid-session-url="">
            <!-- One session per user. With error-if-maximum-exceeded="false" a new login is
                 accepted and the user's older session is expired, then sent to expired-url.
                 NOTE(review): concurrency control relies on HttpSessionEventPublisher being
                 registered as a listener in web.xml, which is not visible here; confirm. -->
            <sec:concurrency-control max-sessions="1"
                error-if-maximum-exceeded="false" expired-url="/common/timeout.jsp" />
        </sec:session-management>
    </sec:http>

    <!-- Handles a Single Logout request sent by the CAS server (class from the Jasig
         CAS client). The sec:http block places this filter before CAS_FILTER. -->
    <bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />

    <!-- Local logout endpoint: a request to /logout clears the security context
         (SecurityContextLogoutHandler) and is then redirected to the CAS server's
         logout URL, so that Single Logout is performed on the CAS side as well.
         NOTE(review): the <sec:logout> element in the sec:http block sets no URL of
         its own, so presumably both target /logout; this filter is placed before
         LOGOUT_FILTER. Confirm which of the two is meant to handle the request. -->
    <bean id="requestSingleLogoutFilter"
        class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <!-- Redirect target after logout: CAS logout URL with the service parameter. -->
        <constructor-arg value="${cas-server-url}/logout?service=${cas-service-url}" />
        <constructor-arg>
            <bean
                class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
        </constructor-arg>
        <property name="filterProcessesUrl" value="/logout" />
    </bean>

    <!-- Authentication manager whose only provider is the CAS provider. It is exposed
         under the alias authenticationManager, which casAuthenticationFilter references. -->
    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="casAuthenticationProvider" />
    </sec:authentication-manager>

    <!-- Processes the service ticket returned by the CAS server and hands it to the
         authentication manager.
         NOTE(review): no filterProcessesUrl is set, so the filter's default applies; the
         service URL in serviceProperties ends in /login/cas, which is the Spring
         Security 4 default. Confirm the two stay in sync. -->
    <bean id="casAuthenticationFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>

    <!-- Entry point referenced by the sec:http block: redirects the browser to the CAS
         login page, using the service URL from serviceProperties. -->
    <bean id="casProcessingFilterEntryPoint"
        class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <!-- Login URL of the CAS (single sign-on) server -->
        <property name="loginUrl" value="${cas-server-url}/login" />
        <property name="serviceProperties" ref="serviceProperties" />
    </bean>
    <!-- Validates CAS service tickets and loads the local user details for the name
         that the CAS server returns. -->
    <bean id="casAuthenticationProvider"
        class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <!-- Wraps loginServiceImpl (defined elsewhere; presumably a UserDetailsService)
             so that users are looked up by the name from the CAS assertion. -->
        <property name="authenticationUserDetailsService">
            <bean
                class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <constructor-arg ref="loginServiceImpl" />
            </bean>
        </property>
        <property name="serviceProperties" ref="serviceProperties" />
        <!-- Ticket validation with the CAS 2.0 protocol against the CAS server URL.
             NOTE(review): the value of ${cas-server-url} is not shown here; confirm it is
             an https URL so the validation call and the returned identity are protected
             in transit. -->
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="${cas-server-url}" />
            </bean>
        </property>
        <!-- Key that identifies authentication tokens created by this provider.
             NOTE(review): the value looks like the sample from the reference
             documentation; consider a deployment-specific value. -->
        <property name="key" value="an_id_for_this_auth_provider_only" />
    </bean>

    <!-- Describes this application to the CAS server. The service URL is where CAS sends
         the browser back with the ticket, so it has to match the URL that
         casAuthenticationFilter processes. sendRenew="true" asks CAS to require fresh
         credentials instead of accepting an existing single sign-on session. -->
    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="${cas-service-url}/login/cas" />
        <property name="sendRenew" value="true" />
    </bean>
</beans>

Controller代码如下:

 /**
  * Shows the paged device list, optionally filtered by device name and number.
  *
  * <p>The filter values are used only when the request parameter {@code flag}
  * equals {@code "query"}; otherwise an empty criteria map is passed to the service.
  *
  * <p>Review notes: {@code deviceName} and {@code deviceNO} come from the request and
  * are handed back to the view unchanged, so the view is presumably responsible for
  * HTML-escaping them (not visible here; confirm). The mapping accepts both GET and
  * POST; POST requests are subject to Spring Security's CSRF check when that
  * protection is active.
  *
  * @param request current request; read for {@code flag} and the paging parameters
  * @param deviceName device-name filter, presumably bound from the request
  * @param deviceNO device-number filter, presumably bound from the request
  * @return model and view for {@code jb/sbgla/device/findDevice}
  * @throws AppException declared by the method; presumably raised by the service layer
  */
    @RequestMapping(value = "/findDevice", method = { RequestMethod.POST,
            RequestMethod.GET })
    public ModelAndView findDevice(HttpServletRequest request,
            String deviceName, String deviceNO) throws AppException {
        // Build the search criteria; they stay empty unless the page asked for a query.
        Map<String, String> criteria = new HashMap<String, String>();
        if ("query".equals(request.getParameter("flag"))) {
            criteria.put("deviceName", deviceName);
            criteria.put("deviceNO", deviceNO);
        }

        // Paging framework: the first query issued after startPage is the one that
        // gets paged, so the service call has to follow immediately.
        PageHelper.startPage(this.getPageNum(request), this.getPageSize(request));
        List<DeviceDTO> devices = this.deviceServiceImpl.findAllDeviceList(criteria);
        PageInfo<DeviceDTO> pageInfo = new PageInfo<DeviceDTO>(devices);

        // Hand the page data and the echoed filter values to the view.
        ModelAndView result = new ModelAndView("jb/sbgla/device/findDevice");
        result.addObject("pagehelper", pageInfo);
        result.addObject("deviceName", deviceName);
        result.addObject("deviceNO", deviceNO);
        return result;
    }