Spring Boot and security: accessing a secured URL from an Android application.

Updated: 2022-12-11 16:32:40

It works when you use the web page login form because your UI and server are in the same domain. When Spring Security authenticates a user, I believe it adds a session ID to the cookie header so it is able to authenticate every request after you log in. When hitting your Spring API from another domain, in this case your Android app, it is no longer in the same domain, so Spring Security won't add the session ID to the cookie header. So to do what you want to do, I believe you have to write your own authentication filter to add a cookie or header to the request. Here is a link that uses JSON Web Tokens to authenticate an API using Spring Boot: https://auth0.com/blog/implementing-jwt-authentication-on-spring-boot/
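
One way to write the header-based authentication filter the answer suggests, as an added example that is not code from the answer or from the linked article: the Android client sends `Authorization: Bearer <token>` on each request, and the filter verifies an HS256-signed JWT before marking the request as authenticated. Assumptions: Spring Boot 3 / Spring Security 6 (`jakarta.servlet`; older versions use `javax.servlet`), Jackson on the classpath, a hypothetical class name `BearerTokenFilter`, and a login endpoint (not shown) that issues tokens signed with the same server-side secret.

```java
import com.fasterxml.jackson.databind.*;
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter (added example): authenticates "Authorization: Bearer <HS256 JWT>" requests.
public class BearerTokenFilter extends OncePerRequestFilter {
    private final byte[] key;                                  // server-side HMAC secret (assumed random, >= 32 bytes)
    private final ObjectMapper json = new ObjectMapper();
    public BearerTokenFilter(byte[] key) { this.key = key.clone(); }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        String header = req.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            try {
                SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
                        verify(header.substring(7)), null, List.of()));
            } catch (GeneralSecurityException | IOException | RuntimeException e) {
                SecurityContextHolder.clearContext();          // invalid token: the request stays unauthenticated
            }
        }
        chain.doFilter(req, res);                              // access rules downstream decide whether to reject
    }

    // Returns the "sub" claim only if the signature verifies and the token has not expired.
    String verify(String token) throws GeneralSecurityException, IOException {
        String[] p = token.split("\\.");
        if (p.length != 3) throw new GeneralSecurityException("malformed token");
        Mac mac = Mac.getInstance("HmacSHA256");               // algorithm is pinned here, never taken from the token header
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] expected = mac.doFinal((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!MessageDigest.isEqual(expected, Base64.getUrlDecoder().decode(p[2])))   // constant-time compare
            throw new GeneralSecurityException("bad signature");
        JsonNode claims = json.readTree(Base64.getUrlDecoder().decode(p[1]));
        if (!claims.hasNonNull("sub") || claims.path("exp").asLong(0) <= System.currentTimeMillis() / 1000)
            throw new GeneralSecurityException("missing subject or expired token");
        return claims.get("sub").asText();
    }
}
```

The filter is registered in the security configuration with `http.addFilterBefore(new BearerTokenFilter(key), UsernamePasswordAuthenticationFilter.class)`, and the API should only be served over HTTPS so the token is not exposed in transit.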