spring security 无法获取登录用户

起因：springboot 2.7.x 升级到 3.5.x

导致 spring security 升级

导致问题原因在于默认持久化改变了

官方文档

https://docs.spring.io/spring-security/reference/6.5/servlet/authentication/session-management.html#requireexplicitsave

解决方案 二选一

改配置 SecurityFilterChain 中加上

.securityContext(securityContext -> securityContext
            .requireExplicitSave(false) // 允许自动保存，避免手动操作
        );

代码中保存

	// in login controller
    
    @Autowired
    private SecurityContextRepository securityContextRepository;
   
    @PostMapping("/login")
    public ResponseEntity<?> login(@RequestBody LoginRequest req, 
                                   HttpServletRequest request, 
                                   HttpServletResponse response) {
            //...... do login and get auth

            // 创建并设置 SecurityContext
            SecurityContext context = SecurityContextHolder.createEmptyContext();
            context.setAuthentication(auth);
            SecurityContextHolder.setContext(context);

            // 手动保存到 Repository（如 Session）
            securityContextRepository.saveContext(context, request, response);

            return ResponseEntity.ok("Login success");
    }