Skip GET URLs that return ModelAndView in Spring Security Config

Question description   Votes: 0   Answers: 1

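I am working with Spring Boot Security 3.2.1 and have implemented JWT authentication in my project. However, now I cannot get the HTML pages that worked before. I have added these resource paths in my Spring Security Config class, but it still returns 403. Before implementing Spring Security, I was able to fetch my HTML file using the URL http://localhost:8080/expensemanager/html/application.html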

Here is my project structure

Here is my security configuration class

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfiguration {

    private final JwtAuthenticationFilter jwtAuthenticationFilter;
    private final UserDetailsService userDetailsService;
    
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        
        http
        .csrf(AbstractHttpConfigurer::disable)
        .authorizeHttpRequests(request -> { request
            
            // Registration Controller
            .requestMatchers("/registration/validateuserid").permitAll()
            .requestMatchers("/registration/registeruser").permitAll()
            
            // Auth Controller
            .requestMatchers("/auth/createtoken").permitAll()
            .requestMatchers("/auth/refreshtoken").hasAnyAuthority(Role.ADMIN.name(), Role.USER.name())
            
            // Master Controller
            .requestMatchers("/master/**").permitAll()
            
            // Resource Controller
            .requestMatchers("/login").permitAll()
            .requestMatchers("/registration").permitAll()
            .requestMatchers("/application").permitAll()
            .requestMatchers("/report").permitAll()
            
            // Report Controller
            .requestMatchers("/report/**").hasAuthority(Role.ADMIN.name())
            
            // Expense Controller
            .requestMatchers("/expense/**").hasAnyAuthority(Role.ADMIN.name(), Role.USER.name())
            
            .anyRequest().authenticated();
        })
        .sessionManagement(manager ->  {
            manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        })
        .authenticationProvider(authenticationProvider()).addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    
        return http.build();
    }
    
    @Bean
    AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userDetailsService);
        authProvider.setPasswordEncoder(passwordEncoder());
        
        return authProvider;
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        
        return new BCryptPasswordEncoder();
    }
    
    @Bean
    AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
        
        return configuration.getAuthenticationManager();
    }
}

Here is my controller class, which serves the HTML files:

@RestController
@RequestMapping("/")
public class ResourceController {

    @GetMapping("/login")
    public ModelAndView getLoginPage() {
        
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.setViewName("html/login.html");
        return modelAndView;
    }
    
    @GetMapping("/registration")
    public ModelAndView getRegistrationPage() {
        
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.setViewName("html/registration.html");
        return modelAndView;
    }
    
    @GetMapping("/application")
    public ModelAndView getApplicationPage() {
        
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.setViewName("html/application.html");
        return modelAndView;
    }
    
    @GetMapping("/report")
    public ModelAndView getReportPage() {
        
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.setViewName("html/report.html");
        return modelAndView;
    }
}

Here is the response.

Any help is greatly appreciated.

spring-boot spring-security staticresource modelandview
1 Answer
0
votes

I was able to solve this by following the guide here: https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html

Add the following code in SpringSecurityConfig

//Permitting all my Dispatch Request
.dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.INCLUDE, DispatcherType.ERROR).permitAll()

//Allowing all my resources, which is present in public folder  
.requestMatchers("/bootstrap/**").permitAll()
.requestMatchers("/css/**").permitAll()
.requestMatchers("/error/**").permitAll()
.requestMatchers("/fontawesome/**").permitAll()
.requestMatchers("/fuse/**").permitAll()
.requestMatchers("/highcharts/**").permitAll()
.requestMatchers("/html/**").permitAll()
.requestMatchers("/images/**").permitAll()
.requestMatchers("/js/**").permitAll()
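
Added example (not part of the original answer or the asker's project): a trimmed filter chain showing where the dispatcher-type rule sits relative to the path rules, and why a permitted GET /login can still return 403. The class name is hypothetical, the paths come from the question and answer, and the JWT filter and AuthenticationProvider wiring from the question are left out so the block compiles on its own.

```java
import jakarta.servlet.DispatcherType;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical class name; add the question's jwtAuthenticationFilter and
// authenticationProvider() back onto this chain in a real project.
@Configuration
@EnableWebSecurity
public class ForwardAwareSecurityConfiguration {

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .csrf(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(request -> request
                // Spring Security 6 authorizes every dispatch, not only the
                // initial REQUEST. GET /login matches a permitAll() rule, but
                // the view "html/login.html" is rendered through a FORWARD
                // dispatch to a path that no rule permits, so it would reach
                // anyRequest().authenticated() and be denied.
                // Rules are evaluated in order: this must precede anyRequest().
                .dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.ERROR).permitAll()

                // Page endpoints served by ResourceController (initial REQUEST dispatch)
                .requestMatchers("/login", "/registration", "/application", "/report").permitAll()

                // Static assets the pages load with their own requests
                .requestMatchers("/css/**", "/js/**", "/images/**", "/html/**").permitAll()

                // Token endpoint must be reachable without a token
                .requestMatchers("/auth/createtoken").permitAll()

                // Everything else requires an authenticated caller
                .anyRequest().authenticated())
            .sessionManagement(manager ->
                manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        return http.build();
    }
}
```

With FORWARD permitted, the authorization decision for a page is the one made on its initial request path, so every controller mapping that forwards to a view needs its own rule. This sketch permits only FORWARD and ERROR; the answer above also permits INCLUDE, which is needed only if views are rendered through include dispatches.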