我已经创建了这个，现在可以使用了:

I have created this, and it works now:

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {

}

这会明显地激活 SpringSecurityFilterChain.

This activates the SpringSecurityFilterChain apperently.

由于 CSRF 错误，我还不得不从 @EnableWebSecurity 切换到 @EnableWebMvcSecurity.正如在 spring 文档中所写:

I also had to switch from @EnableWebSecurity to @EnableWebMvcSecurity because of an CSRF error. As in the spring doc is written:

...原因是 Spring Security 是针对 CSRF 的attakcks 并且我们的请求中没有包含 CSRF 令牌.更新我们的使用 @EnableWebMvcSecurity 注释的配置与@EnableWebMvcSecurity 做同样的事情并提供与春天的MVC.除其他外，它将确保我们的 CSRF 令牌是使用 Thymleaf 2.1+ 或 Spring 时自动包含在我们的表单中MVC 标签库...

...The reason is that Spring Security is protecting against CSRF attakcks and there is no CSRF token include in our request. Update our configuration to use the @EnableWebMvcSecurity annotation which will do the same as @EnableWebMvcSecurity and provide integration with Spring MVC. Among other things, it will ensure our CSRF Token is included in our forms automatically when using Thymleaf 2.1+ or Spring MVC taglibs...

也感谢 M. Deinum 的评论.Spring 最近显然将/j_spring_security_check/j_password/j_username 切换为/login/password/username.

Also Thanks M. Deinum for his comment. Spring has recently switched the /j_spring_security_check /j_password /j_username to /login /password /username apparently.