Spring Security Authentication第一次没有要求登录?

时间:2015-09-29 12:55:44

标签: java spring spring-mvc spring-security spring-boot

我已经在我的应用程序中实现了 LDAP 身份验证,但即使在使用 logout 方法删除 cookie 之后,我仍然遇到身份验证问题。代码段:

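    /**
     * Web security for the API: HTTP Basic authentication, CSRF protection
     * with the token mirrored into a cookie by {@code csrfHeaderFilter()},
     * concurrency control backed by {@code sessionRegistry()}, and a logout
     * endpoint that clears the session cookies.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception propagated from the builder API
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Credentials arrive as an HTTP Basic Authorization header.
        // NOTE(review): a server-side logout cannot clear credentials the
        // browser has cached for Basic auth; the browser keeps resending the
        // header and the user is re-authenticated without a new prompt. That
        // matches the behaviour reported here (formLogin prompts every time,
        // httpBasic does not) — confirm by inspecting the requests sent
        // after logout.
        http.httpBasic();

        // Every endpoint requires an authenticated user. The original rule
        // protected only "/login", which left every other URL (for example
        // /random/controller) reachable without credentials.
        http.authorizeRequests().anyRequest().authenticated();

        http.csrf().csrfTokenRepository(csrfTokenRepository());
        // Placed after CsrfFilter so the CsrfToken request attribute that
        // csrfHeaderFilter() reads has already been populated.
        http.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);

        http.sessionManagement()
                .maximumSessions(200)
                .expiredUrl("/logout")
                .maxSessionsPreventsLogin(true)
                .sessionRegistry(sessionRegistry());

        // NOTE(review): with CSRF enabled, Spring Security's logout filter
        // matches POST /logout only by default; a GET /logout then falls
        // through to the controller without running these handlers — confirm
        // for the Spring Security version in use.
        http.logout()
                .logoutUrl("/logout")
                .deleteCookies("JSESSIONID", "XSRF-TOKEN")
                .invalidateHttpSession(true)
                .logoutSuccessHandler(new LogoutSuccessHandler() {
                    @Override
                    public void onLogoutSuccess(HttpServletRequest request,
                            HttpServletResponse response,
                            Authentication authentication) throws IOException,
                            ServletException {
                        // Report success with a plain 200. The original used
                        // sendError(200), which is meant for error statuses
                        // and commits the response through the container's
                        // error handling.
                        response.setStatus(HttpServletResponse.SC_OK);
                    }
                });
    }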

/**
 * Registry of live sessions, exposed as a bean so that the concurrency
 * control configured in {@code configure(HttpSecurity)} can share it.
 *
 * @return a fresh {@link SessionRegistryImpl}
 */
@Bean
public SessionRegistry sessionRegistry() {
    return new SessionRegistryImpl();
}

/**
 * Authenticates users against LDAP: entries are looked up below
 * {@code searchbase} with {@code searchfilter}, group membership below
 * {@code groupsearchbase}, and the matched entry is converted to the
 * application's user type by {@code userDetailsMapper}.
 *
 * @param auth the authentication builder supplied by Spring Security
 * @throws Exception propagated from the builder API
 */
@Override
protected void configure(AuthenticationManagerBuilder auth)
        throws Exception {
    auth.ldapAuthentication()
            .userSearchFilter(searchfilter)
            .userSearchBase(searchbase)
            .groupSearchBase(groupsearchbase)
            .userDetailsContextMapper(userDetailsMapper)
            // Directory connection and its bind credentials.
            // NOTE(review): username/password are fields of the enclosing
            // class — confirm they are injected from external configuration
            // rather than hard-coded.
            .contextSource()
            .url(url)
            .managerDn(username)
            .managerPassword(password);
}



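    /**
     * Builds the filter that copies the CSRF token into an "XSRF-TOKEN"
     * cookie on {@code /login} and, on every other request, requires that
     * cookie to be present before the chain continues.
     *
     * <p>Presence is all this filter checks. The comparison of the submitted
     * token against the expected one is done by Spring's {@code CsrfFilter},
     * which runs before this filter (see {@code addFilterAfter} in
     * {@code configure(HttpSecurity)}).
     *
     * @return the filter to register after {@code CsrfFilter}
     */
    private Filter csrfHeaderFilter() {
        return new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest request,
                    HttpServletResponse response, FilterChain filterChain)
                    throws ServletException, IOException {
                CsrfToken csrf = (CsrfToken) request
                        .getAttribute(CsrfToken.class.getName());
                String uri = request.getRequestURI();

                // Without a token or a URI there is nothing to enforce, so
                // the request continues. The original returned without
                // invoking the chain here, which silently produced an empty
                // response.
                if (csrf == null || uri == null) {
                    filterChain.doFilter(request, response);
                    return;
                }

                // Exact, case-insensitive path match. The original dropped
                // the first character of the URI and compared the rest to
                // "login", so any path such as "xlogin" also matched.
                // NOTE(review): getRequestURI() includes the context path,
                // so this only matches when the application is deployed at
                // the root context.
                if (uri.equalsIgnoreCase("/login")) {
                    Cookie cookie = new Cookie("XSRF-TOKEN", csrf.getToken());
                    cookie.setPath("/");
                    cookie.setMaxAge(expiryTime); // expiry time is 3600 seconds in my case
                    // Deliberately not HttpOnly: presumably client-side script
                    // reads this cookie to send the token back in a header —
                    // confirm against the client. Secure is set whenever the
                    // request itself came over TLS.
                    cookie.setSecure(request.isSecure());
                    response.addCookie(cookie);
                    filterChain.doFilter(request, response);
                    return;
                }

                if (WebUtils.getCookie(request, "XSRF-TOKEN") != null) {
                    filterChain.doFilter(request, response);
                } else {
                    response.sendError(403,
                            "you are not authorized to see this page .Issue has been logged.");
                }
            }
        };
    }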

控制器

  @RestController
@RequestMapping("/")
public class LoginController {

    // Mapper from the LDAP entry to the application's user type; presumably
    // the same bean passed to userDetailsContextMapper(...) in the security
    // configuration, and read here via getUserDetails() — verify.
    @Autowired
    private CustomUserDetailsContextMapper userDetailsMapper;

    /**
     * Returns the current user's details. The security configuration requires
     * an authenticated user for this path, so a successful HTTP Basic
     * authentication has already happened by the time this runs.
     *
     * @return 200 OK with the mapped {@link CustomUser}
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public @ResponseBody ResponseEntity<CustomUser> login() {
        CustomUser user = userDetailsMapper.getUserDetails();
        return new ResponseEntity<CustomUser>(user, HttpStatus.OK);
    }

    /**
     * Reports a successful logout. The session invalidation and cookie
     * deletion themselves are expected from the logout configuration in the
     * security setup for the same URL; this handler does none of that.
     *
     * <p>NOTE(review): with CSRF enabled, Spring Security's logout filter
     * matches POST /logout only by default, so a GET reaching this method may
     * not have been logged out at all — confirm for the version in use.
     *
     * @return the literal {@code "success"}
     */
    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    public @ResponseBody String logout() {
        final String outcome = "success";
        return outcome;
    }

    /*
     * This controller is just for testing; we can delete it later.
     * It echoes the mapper's current user details to stdout.
     * NOTE(review): those details may include personal data — remove the
     * endpoint before release rather than leaving it reachable.
     */
    @RequestMapping(value = "/random/controller", method = RequestMethod.GET)
    public @ResponseBody HttpStatus retrievelogin1() {
        CustomUser current = userDetailsMapper.getUserDetails();
        System.out.println("user is " + current);
        return HttpStatus.ACCEPTED;
    }

问题

当我第一次登录时一切正常:它会要求输入凭据,并且一切都按预期工作;但当我退出后再次登录时,它不再要求输入凭据。

根据代码,注销会删除 cookie(我可以在请求客户端中看到这一点),但它仍然没有要求输入凭据。我尝试过不同的浏览器(IE、Firefox、Chrome),也尝试过"无痕(incognito)"模式,但都没有帮助。

似乎浏览器将其存储在缓存中。

当我使用 formLogin 而不是 httpBasic 时,每次都会看到登录页面;但在我的情况下我不能使用 formLogin,必须使用 httpBasic。

请告诉我你的想法。如果需要任何信息,请告诉我。

提前致谢,
