小编Eri*_*cau的帖子

以下SecurityWebFilterChain在 Spring Boot 2.7.x 中工作得很好，但在 Spring Boot 3.0.0 中不再工作。在Postman中调用REST API时，它只是显示“无法找到预期的CSRF令牌”。请您教我如何解决它？

@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
    
    
    http
            .cors().disable()               
            .csrf().disable()
            
            .exceptionHandling()
            .authenticationEntryPoint((swe, e) -> 
                Mono.fromRunnable(() -> swe.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED))
            ).accessDeniedHandler((swe, e) -> 
                Mono.fromRunnable(() -> swe.getResponse().setStatusCode(HttpStatus.FORBIDDEN))
            )
            .and()
            .authenticationManager(authenticationManager)
            .securityContextRepository(securityContextRepository)
            .authorizeExchange(exchange -> exchange                                     
                    .pathMatchers(HttpMethod.OPTIONS).permitAll()
                    .pathMatchers("/login", "/register").permitAll()                        
                    .anyExchange().authenticated()
                    .and()
                    .cors().disable()
                    .csrf().disable()
            )
            .formLogin().disable()
            .httpBasic().disable()   
            ;
            
    return http.csrf(csrf -> csrf.disable()).build();
}

以下配置（filterChain）在 SpringBoot-2.7.5 中工作正常，但在我尝试在 SpringBoot-3.0.0-RC1 中测试它之后，它不起作用并显示以下消息，如果想要迁移，我需要更改任何内容到 Spring-Boot-3.0.0。谢谢。

{“timestamp”：1667794247614，“status”：401，“error”：“未经授权”，“message”：“在SecurityContext中找不到身份验证对象”，“path”：“/ api / admin / 1”}

 @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http.cors().and().csrf().disable()
        .exceptionHandling().authenticationEntryPoint(jwtAuthenticationProvider).and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
        .authorizeRequests()
        .antMatchers("/**").permitAll()            
        // private endpoints
        .anyRequest().authenticated();

    http.addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class);

    return http.build();
}

以下是jwtTokenFilter：

@Component
public class **JwtTokenFilter** extends OncePerRequestFilter {

    @Autowired
    private JwtTokenUtil jwtTokenUtil;
    
    @Autowired
    private JPAUserDetailService jpaUserDetailService;

    

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
        // Get authorization header and validate
        final String header = request.getHeader(HttpHeaders.AUTHORIZATION);
        
        if (isEmpty(header) || !header.startsWith("Bearer ")) { …