@SpringBootApplication
@MapperScan("com.cll.jtool.security.mapper")
@ComponentScan("com.cll.jtool.common.util")
public class JtoolSecurityApplication {
public static void main(String[] args) {
ConfigurableApplicationContext run = SpringApplication.run(JtoolSecurityApplication.class, args);
}
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
//关闭csrf
.csrf().disable()
.cors().and()
//不通过Session获取SecurityContext
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
// 对于登录接口 允许匿名访问
.antMatchers("/user/login").permitAll()
// 除上面外的所有请求全部需要鉴权认证
.anyRequest().authenticated().and()
// .addFilterBefore(jtoolAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
.build();
}
![img](https://img-mid.csdnimg.cn/release/static/image/mid/ask/846679294786199.png "#left")
就加了一个@ComponentScan("com.cll.jtool.common.util"),而且这个包里根本没有和SpringSecurity有关的东西,一旦访问接口就会报403,一旦注释掉这行,我的SecurityConfig就会正常。