Why won't Spring Security 5 redirect back to protected resource after login?

Posted by 坚强是说给别人听的谎言 on 2019-12-11 14:25:55

Question


After upgrading our authentication server from Spring Boot 1.5.13 to 2.1.3 it stopped redirecting after successful logins. It tries to reload the /login page now. I created a web site, proxy server and authentication service in GitHub to demonstrate the problem.

For this integration test, create a PCF Space that includes a service registry and these micro-services:

  • Angular Example - If you bypass the proxy and go to the angular example route the page loads. TRY IT.
  • Authentication Example - If you bypass the proxy and go to the authentication server root you can sign in and access a protected page. TRY IT
  • Zuul Proxy Example - If you try to access the angular example via the proxy, then you do not get forwarded to the angular example after logging in. TRY IT

If you attempt to access the authentication server root "/" the protected page loads normally, and the unit tests work fine.

Here is the authentication server configuration.

  protected void configure(HttpSecurity http) throws Exception {

    // @formatter:off
    http
        .requestMatchers()
            .antMatchers("/", "/login", "/oauth/authorize", "/oauth/confirm_access")
            .and()
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .logout()
            .permitAll();
    // @formatter:on
  }

}

Here is all the code for all the projects:

  • Angular example Github: https://github.com/smitchell/cloud-foundry-angular-example
  • Proxy Server Github: https://github.com/smitchell/spring-boot-netflix-zuul-proxy
  • Auth Server Github: https://github.com/smitchell/spring-security-5-upgrade_sso-auth-server

Expected Result

  1. User tries to access the Angular site via an SSO-enabled proxy server.
  2. Spring Security on the proxy server redirects the user's browser to the Login page on the authentication server.
  3. The user signs in and posts the Login form to the authentication server.
  4. The authentication server creates a JWT oauth2 token and forwards the user to the originally requested Angular site.

Actual Results

The authentication server forwards the user back to the Login page.

Source: https://stackoverflow.com/questions/55993503/why-won%c2%b4t-spring-security-5-redirect-back-to-protected-resource-after-login
