SpringBoot Security Demo，跑不通，不知道哪有问题？

在security自带的login页面登陆后，显示403。

启动类

package com.example.security;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.ComponentScan;

/**
 * @author 80958
 */
@SpringBootApplication
@ComponentScan("com.example.security.Service")
@ComponentScan("com.example.security.Mapper")
        public class SecurityApplication {

    public static void main(String[] args) {

        ConfigurableApplicationContext context = SpringApplication.run(SecurityApplication.class, args);
    }

}

配置类

package com.example.security.Controller;

import com.example.security.Service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;


@Configuration
@EnableWebSecurity
public class MvcSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    UserService userService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin").hasRole("admin")
                .antMatchers("/one").hasRole("one")
                .antMatchers("/two").hasRole("two")
                .anyRequest().authenticated()
        .and()
                .formLogin()
        .and()
        .logout()
                .logoutUrl("/logout")
        ;
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.userDetailsService(new UserService()).passwordEncoder(new PasswordEncoder() {
            @Override
            public String encode(CharSequence rawPassword) {
                return rawPassword.toString();
            }

            @Override
            public boolean matches(CharSequence rawPassword, String encodedPassword) {
                return (encodedPassword.equalsIgnoreCase(rawPassword.toString()));
            }
        });
    }
}

实体类继承UserDetails

package com.example.security.POJO;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;

public class User implements UserDetails{
    private String username;
    private String password;
    private Collection<? extends GrantedAuthority> authorities;

    public User(String username, String password, Collection<? extends GrantedAuthority> authorities) {
        this.username = username;
        this.password = password;
        this.authorities = authorities;
    }

    @Override
    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    @Override
    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }
}

UserService实现UserDetailsService接口

package com.example.security.Service;

import com.example.security.Mapper.UserMapper;
import com.example.security.POJO.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class UserService implements UserDetailsService {

    @Autowired
    private UserMapper userMapper;


    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        User user = userMapper.selectUserByName(s);
        return user;
    }
}

自定义的mapper

package com.example.security.Mapper;

import com.example.security.POJO.User;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

import java.util.*;

@Component
public class UserMapper {
    public User selectUserByName(String s) {
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        if ("admin".equalsIgnoreCase(s)){
            authorities.add(new SimpleGrantedAuthority("admin"));
            authorities.add(new SimpleGrantedAuthority("one"));
            authorities.add(new SimpleGrantedAuthority("two"));
            return new User("admin", "123456", authorities);

        }else if ("one".equalsIgnoreCase(s)){
            authorities.add(new SimpleGrantedAuthority("one"));
            return new User("one", "123456", authorities);

        }else if ("two".equalsIgnoreCase(s)){
            authorities.add(new SimpleGrantedAuthority("two"));
            return new User("two", "123456", authorities);

        }else{
            return null;
        }
    }
}

这段
auth.userDetailsService(new UserService()）
手动new的没有注入依赖，用上面注入的userService