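Cause: upgrading Spring Boot from 2.7.x to 3.5.x,
which in turn upgrades Spring Security.
The root of the problem is that the default persistence behaviour of the SecurityContext changed.
Official documentation
Solution: choose one of the two options below.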
Change the configuration: add the following to the SecurityFilterChain
    .securityContext(securityContext -> securityContext
        .requireExplicitSave(false) // allow automatic saving, so no manual save is needed
    );
Save the context in code
    // in login controller
    // Assumes a SecurityContextRepository bean is defined in the application context
    @Autowired
    private SecurityContextRepository securityContextRepository;

    @PostMapping("/login")
    public ResponseEntity<?> login(@RequestBody LoginRequest req,
                                   HttpServletRequest request,
                                   HttpServletResponse response) {
        //...... do login and get auth
        // Create and populate the SecurityContext
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);
        // Manually save it to the repository (e.g. the session)
        securityContextRepository.saveContext(context, request, response);
        return ResponseEntity.ok("Login success");
    }
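
For the second option, the controller's injected SecurityContextRepository has to be the same one the filter chain reads from on later requests. The configuration below is an added example, not code from the original post; the class name SecurityConfig and the authorization rules are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.context.DelegatingSecurityContextRepository;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;

// Hypothetical configuration class (name is an assumption).
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // Exposed as a bean so the login controller can @Autowired it.
    // Saves to the request attribute (current request) and to the
    // HTTP session (subsequent requests).
    @Bean
    public SecurityContextRepository securityContextRepository() {
        return new DelegatingSecurityContextRepository(
                new RequestAttributeSecurityContextRepository(),
                new HttpSessionSecurityContextRepository());
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http,
                                           SecurityContextRepository repository) throws Exception {
        http
            // The filter chain loads the context from the same repository
            // that the controller saves to; explicit save stays enabled.
            .securityContext(securityContext -> securityContext
                .securityContextRepository(repository))
            // Assumed rules: only the login endpoint is open.
            .authorizeHttpRequests(authorize -> authorize
                .requestMatchers("/login").permitAll()
                .anyRequest().authenticated());
        // CSRF protection is left at its default (enabled), so the
        // login POST must carry a valid CSRF token.
        return http.build();
    }
}
```

A login handled in a controller does not pass through Spring Security's session authentication strategy, so when a session already exists before login, call request.changeSessionId() before saveContext to keep session-fixation protection.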