SecurityContextHolder.getContext().getAuthentication()为空的解决 access = "IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED",当然security 3.1是要修改<http pattern="/login" security="none"/>这类的