最简单的 spring 安全配置破坏了我正在运行的 spring-boot 应用程序

我有一个可以运行的 Spring Boot 应用程序，并且可以进行单元测试。

如果我为 Spring Security 添加任何配置，则无法提供任何页面，它只是尝试提供静态内容，控制器永远不会被调用！

即使这样的配置也不会导致对控制器的调用：

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests(authorize -> authorize.anyRequest().permitAll());
    return http.build();
}

简单测试的完整日志：

02-04-2024 14:59:43,791 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@615e83ac, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@4438938e, org.springframework.security.web.context.SecurityContextHolderFilter@25e8e59, org.springframework.security.web.header.HeaderWriterFilter@7e18ced7, org.springframework.web.filter.CorsFilter@4e50ae56, org.springframework.security.web.csrf.CsrfFilter@1e120628, org.springframework.security.web.authentication.logout.LogoutFilter@5773d271, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@50a7c72b, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@54c11750, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1c68d0db, org.springframework.security.web.access.ExceptionTranslationFilter@5d5d3a5c, org.springframework.security.web.access.intercept.AuthorizationFilter@4ebd6fd6]] (1/1)

02-04-2024 14:59:43,792 +0100 DEBUG o.s.s.w.FilterChainProxy [cfg-Test worker] Securing GET /login
02-04-2024 14:59:43,792 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Invoking DisableEncodeUrlFilter (1/12)
02-04-2024 14:59:43,793 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Invoking WebAsyncManagerIntegrationFilter (2/12)
02-04-2024 14:59:43,793 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Invoking SecurityContextHolderFilter (3/12)
02-04-2024 14:59:43,794 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Invoking HeaderWriterFilter (4/12)
02-04-2024 14:59:43,795 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Invoking CorsFilter (5/12)
02-04-2024 14:59:43,795 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Invoking CsrfFilter (6/12)
02-04-2024 14:59:43,796 +0100 TRACE o.s.s.w.c.CsrfFilter [cfg-Test worker] Did not protect against CSRF since request did not match And [CsrfNotRequired [TRACE, HEAD, GET, OPTIONS], Not [Or [Ant [pattern='/logon/**']]]]
02-04-2024 14:59:43,796 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Invoking LogoutFilter (7/12)
02-04-2024 14:59:43,796 +0100 TRACE o.s.s.w.a.l.LogoutFilter [cfg-Test worker] Did not match request to Ant [pattern='/logout', POST]
02-04-2024 14:59:43,796 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Invoking RequestCacheAwareFilter (8/12)
02-04-2024 14:59:43,796 +0100 TRACE o.s.s.w.s.HttpSessionRequestCache [cfg-Test worker] matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
02-04-2024 14:59:43,797 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Invoking SecurityContextHolderAwareRequestFilter (9/12)
02-04-2024 14:59:43,797 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Invoking AnonymousAuthenticationFilter (10/12)
02-04-2024 14:59:43,797 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Invoking ExceptionTranslationFilter (11/12)
02-04-2024 14:59:43,797 +0100 TRACE o.s.s.w.FilterChainProxy [cfg-Test worker] Invoking AuthorizationFilter (12/12)
02-04-2024 14:59:43,798 +0100 TRACE o.s.s.w.a.i.RequestMatcherDelegatingAuthorizationManager [cfg-Test worker] Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@2674ca88]
02-04-2024 14:59:43,798 +0100 TRACE o.s.s.w.a.i.RequestMatcherDelegatingAuthorizationManager [cfg-Test worker] Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@2674ca88] using org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda/0x00007f94405089f8@430212cb
02-04-2024 14:59:43,798 +0100 DEBUG o.s.s.w.FilterChainProxy [cfg-Test worker] Secured GET /login
02-04-2024 14:59:43,800 +0100 TRACE o.s.w.s.h.SimpleUrlHandlerMapping [cfg-Test worker] Mapped to HandlerExecutionChain with [ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]] and 3 interceptors
02-04-2024 14:59:43,803 +0100 DEBUG o.s.w.s.r.ResourceHttpRequestHandler [cfg-Test worker] Resource not found
02-04-2024 14:59:43,806 +0100 TRACE o.s.s.w.h.w.HstsHeaderWriter [cfg-Test worker] Not injecting HSTS header since it did not match request to [Is Secure]
02-04-2024 14:59:43,806 +0100 DEBUG o.s.w.s.m.s.DefaultHandlerExceptionResolver [cfg-Test worker] Resolved [org.springframework.web.servlet.resource.NoResourceFoundException: No static resource login.]
02-04-2024 14:59:43,806 +0100 TRACE o.s.s.w.c.HttpSessionSecurityContextRepository [cfg-Test worker] No HttpSession currently exists
02-04-2024 14:59:43,806 +0100 TRACE o.s.s.w.c.SupplierDeferredSecurityContext [cfg-Test worker] Created SecurityContextImpl [Null authentication]
02-04-2024 14:59:43,806 +0100 TRACE o.s.s.w.c.SupplierDeferredSecurityContext [cfg-Test worker] Created SecurityContextImpl [Null authentication]
02-04-2024 14:59:43,807 +0100 TRACE o.s.s.w.a.AnonymousAuthenticationFilter [cfg-Test worker] Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]

MockHttpServletRequest:
  HTTP Method = GET
  Request URI = /login
   Parameters = {}
      Headers = []
         Body = null
Session Attrs = {}

Handler:
         Type = org.springframework.web.servlet.resource.ResourceHttpRequestHandler

Async:
    Async started = false
    Async result = null

Resolved Exception:
         Type = org.springframework.web.servlet.resource.NoResourceFoundException

ModelAndView:
    View name = null
         View = null
        Model = null

FlashMap:
   Attributes = null

MockHttpServletResponse:
       Status = 404
Error message = No static resource login.
      Headers = [Vary:"Origin", "Access-Control-Request-Method", "Access-Control-Request-Headers", X-Content-Type-Options:"nosniff", X-XSS-Protection:"0", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY"]
 Content type = null
         Body = 
Forwarded URL = null

重定向的 URL = null 饼干=[]

Status
Expected :200
Actual   :404

我在复活节假期期间尝试了很多方法，但没有任何效果。 如果我删除 spring security 一切正常，将其添加回来并且没有其他更改，应用程序将不会启动并且所有测试都会失败。

在 Windows 10 上启动，现在在 Suse Linux Leap 15.5 上运行，在 JDK 21、Gradel 8.6、IntelliJ 下运行。

只是不明白添加安全配置如何在没有安全故障的情况下阻止应用程序运行！

一定是在某个地方做错了什么，不知道从哪里或从哪里开始寻找。 源代码只有 6MB 多一点。

有什么建议吗？