而在 BrowserSecurityConfig 中却加了@Autowire。

下面是BrowserSecurityConfig.java 的部分代码：

@Configuration
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private SecurityProperties securityProperties;

    @Autowired
    private AuthenticationSuccessHandler browserAuthenticationSuccessHandler;

    @Autowired
    private AuthenticationFailureHandler browserAuthenticationFailurehandler;


    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ValidationCodeFilter validationCodeFilter = new ValidationCodeFilter();
        validationCodeFilter.setAuthenticationFailureHandler(browserAuthenticationFailurehandler);
        validationCodeFilter.setSecurityProperties(securityProperties);
        validationCodeFilter.afterPropertiesSet();

下面是ValidateCodeFilter.java的部分代码：

@Getter
@Setter
@NoArgsConstructor
@Slf4j
public class ValidationCodeFilter extends OncePerRequestFilter implements InitializingBean {

    @Autowired
    private AuthenticationFailureHandler authenticationFailureHandler;

    private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();

    private Set<String> urls = new HashSet<>();


    private SecurityProperties securityProperties;

    private AntPathMatcher pathMatcher = new AntPathMatcher();

    @Override
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        String[] configUrls = StringUtils.splitByWholeSeparatorPreserveAllTokens(securityProperties.getValidationCode().getImage().getUrl(),",");

        for(String configUrl : configUrls){
            urls.add(configUrl);
        }
        urls.add("/authentication/form");
    }

谢谢老师！