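I checked several blog/doc/Stack Overflow entries, but I still don't know what I'm doing wrong. I want to open a URL to anyone. permitAll does not work because I have custom filters. So I want to create a separate http element with the security="none" setting, but so far without success.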
<security:http pattern="/status" security="none"/>

<!-- ******************** rules with encryption and HMAC authentication ******************** -->
<security:http create-session="stateless"
               use-expressions="true"
               authentication-manager-ref="authenticationManager"
               auto-config="true"
               entry-point-ref="http403EntryPoint"
               pattern="/**">
    <!-- HMAC only -->
    <security:intercept-url pattern="/utils/logheaderpattern/check" access="authenticated" />
    <security:intercept-url pattern="/executionflow/approve" access="authenticated" />
    <security:intercept-url pattern="/executionflow/approve_and_forced_start" access="authenticated" />
    <security:intercept-url pattern="/utils/maintenancewindow/next/**" access="authenticated" />
    <security:intercept-url pattern="/executionflow/start/manual" access="authenticated" />
    <security:intercept-url pattern="/executionflow/start/eventlife" access="authenticated" />
    <security:intercept-url pattern="/executionflow/skip/eventlife" access="authenticated" />
    <security:intercept-url pattern="/executionflow/start/scheduled" access="authenticated" />
    <security:intercept-url pattern="/utils/cron/nextrun" access="authenticated" />
    <!-- HMAC and encryption (set in encryptionFilter) -->
    <security:intercept-url pattern="/worker/command/**" access="authenticated" />
    <security:intercept-url pattern="/worker/event" access="authenticated" />
    <security:intercept-url pattern="/worker/system/**" access="authenticated" />
    <!-- deny all others -->
    <security:intercept-url pattern="/**" access="denyAll" />
    <security:csrf disabled="true" />
    <security:custom-filter ref="encryptionFilter" before="FORM_LOGIN_FILTER"/>
    <security:custom-filter ref="hmacAuthenticationFilter" after="FORM_LOGIN_FILTER"/>
</security:http>

<!-- ******************** Defining the authentication manager ******************** -->
<security:authentication-manager erase-credentials="false" id="authenticationManager">
    <security:authentication-provider user-service-ref="fileBasedUserDetailsService">
    </security:authentication-provider>
</security:authentication-manager>
And the controller:
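import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class WebController {

    // GET /status answers with a redirect to the static status page
    @RequestMapping(value = "/status", method = RequestMethod.GET)
    public String redirect() {
        return "redirect:/pages/status.html";
    }
}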
And the Spring Boot initializer:
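import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.builder.SpringApplicationBuilder;
// Spring Boot 1.4/1.5 package, matching org.springframework.boot.web.support in the stack trace
import org.springframework.boot.web.support.SpringBootServletInitializer;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;
import org.springframework.web.WebApplicationInitializer;

@Configuration
@ImportResource({"classpath:applicationContext.xml", "classpath:securityContext.xml"})
@ComponentScan(basePackages = {
        "org.reaction.engine.controller",
        "org.reaction.engine.persistence.service",
        "org.reaction.engine.persistence.converter",
        "org.reaction.engine.service",
        "org.reaction.engine.scheduling.utils"})
@EnableAutoConfiguration
public class WebInitializer extends SpringBootServletInitializer implements WebApplicationInitializer {

    // Used when the application is deployed as a WAR in a servlet container
    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(WebInitializer.class);
    }

    // Used when the application is started as an executable JAR
    public static void main(String[] args) throws Exception {
        SpringApplication.run(WebInitializer.class, args);
    }
}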
I keep getting the
2018-01-15 16:04:02.676 ERROR [org.springframework.boot.web.support.ErrorPageFilter:176] - Forwarding to error page from request [/status] due to exception [An Authentication object was not found in the SecurityContext]
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:379)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:223)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
exception. Any ideas?
It is a bug/missing feature in Spring Boot / Spring Security, see
There may be some workarounds; one is to use Java configuration instead of XML configuration.