真的很奇怪，我肯定我错过了什么。这是我的spring安全配置类：

@Configuration
@EnableWebSecurity
public class AppSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(passwordEncoder())
                .usersByUsernameQuery(
                        "select username,password, enabled from user where username=?")
                .authoritiesByUsernameQuery(
                        "select username, authority from authorities where username=?");

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http    .cors()
                .and()
                .authorizeRequests() // authorize
                .antMatchers("/task/*").permitAll()
                .antMatchers(HttpMethod.POST,"/task/*").permitAll()
                .anyRequest().authenticated() // all requests are authenticated
                .and()
                .httpBasic();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

}

所以在 Postman 上，当我发送get请求时，我得到了200个ok状态码。但当我点击post请求时，我得到了401个未经授权的权限
更新我已经提出了完全相同的职位要求，我得到403禁止这次。。。。。真奇怪
这里还有控制器代码：

@RestController
@RequestMapping("task")
@CrossOrigin("http://localhost:3000")
public class TaskController {

    @Autowired
    private TaskRepo taskRepo;
    //private TaskDAO taskDAO;

    @GetMapping("/list")
    public List<Task> getTasks(){
        return taskRepo.findAll();
    }

    @PostMapping("/create")
    public Task createTask(@RequestBody Task task) {
        Task savedTask = taskRepo.save(task);
        System.out.println("student id " + savedTask.getId());

        return savedTask;

    }

}