
Spring Security form logging and OAuth2 in the same application

Updated: 2023-11-22 15:55:46


Spring Security is built on an ordered list of filter chains, and for each request the first one with a matching path handles the authentication. You have 3 filter chains in your combined app, one created by @EnableAuthorizationServer (with default order=0), one created by @EnableResourceServer (with default order=3), and one created by your MyStaysureSecurityConfiguration (also with order=0). You aren't allowed to have 2 filters with the same order so you need to re-arrange them and give them request matchers that make sense for your use case. Maybe you didn't need the @EnableAuthorizationServer anyway (it was unclear from the question)? In any case it is pretty simple - you have 2 choices (roughly):


  1. exclude the oauth2 resources from the request matchers in your MyStaysureSecurityConfiguration and allow them to be handled by the resource server filter.


  2. re-order the resource server filter to a lower order and give it a request matcher that only matches the oauth2 resources.