I am currently trying to use client SSL certificates with JHipster. I want browsers that present the expected certificate to be logged in automatically, and browsers without a certificate to be forced through the normal authentication mechanism (login/password).
I have managed to get the first part working (logging a browser in with its client certificate), but I can't figure out how to make the second part work. What I see now is that the browser with the certificate is indeed logged in, but this also prevents the login/password mechanism from working!
// Imports added for completeness; the project's own security package also supplies
// AjaxAuthenticationSuccessHandler, AjaxAuthenticationFailureHandler,
// AjaxLogoutSuccessHandler and AuthoritiesConstants.
import io.github.jhipster.config.JHipsterProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.web.filter.CorsFilter;
import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final JHipsterProperties jHipsterProperties;
    private final CorsFilter corsFilter;
    private final SecurityProblemSupport problemSupport;

    public SecurityConfiguration(JHipsterProperties jHipsterProperties, CorsFilter corsFilter, SecurityProblemSupport problemSupport) {
        this.jHipsterProperties = jHipsterProperties;
        this.corsFilter = corsFilter;
        this.problemSupport = problemSupport;
    }

    @Bean
    public AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler() {
        return new AjaxAuthenticationSuccessHandler();
    }

    @Bean
    public AjaxAuthenticationFailureHandler ajaxAuthenticationFailureHandler() {
        return new AjaxAuthenticationFailureHandler();
    }

    @Bean
    public AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler() {
        return new AjaxLogoutSuccessHandler();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(WebSecurity web) {
        // Static resources and CORS preflight requests bypass the security filter chain entirely.
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/app/**/*.{js,html}")
            .antMatchers("/i18n/**")
            .antMatchers("/content/**")
            .antMatchers("/swagger-ui/index.html")
            .antMatchers("/test/**");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .csrf().ignoringAntMatchers("/whatINeed")
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
            .addFilterBefore(corsFilter, CsrfFilter.class)
            .exceptionHandling()
            .authenticationEntryPoint(problemSupport)
            .accessDeniedHandler(problemSupport)
            .and()
            .formLogin()
            .loginProcessingUrl("/api/authentication")
            .successHandler(ajaxAuthenticationSuccessHandler())
            .failureHandler(ajaxAuthenticationFailureHandler())
            .permitAll()
            .and()
            .logout()
            .logoutUrl("/api/logout")
            .logoutSuccessHandler(ajaxLogoutSuccessHandler())
            .permitAll()
            .and()
            .headers()  // frameOptions() lives under headers(); HttpSecurity itself has no frameOptions()
            .frameOptions()
            .deny()
            .and()
            .authorizeRequests()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN) // Etc.
            .and()
            .x509()
            .subjectPrincipalRegex("CN=(.*?)(?:,|$)")  // extract the CN from the certificate subject
            .userDetailsService(userDetailsService());
        // @formatter:on
    }

    @Bean
    public UserDetailsService userDetailsService() {
        // Maps the certificate CN to an application user; no password is involved on this path.
        return new UserDetailsService() {
            @Override
            public UserDetails loadUserByUsername(String username) {
                if (username.equals("MyUser")) {
                    return new User("user", "",
                        AuthorityUtils
                            .commaSeparatedStringToAuthorityList(AuthoritiesConstants.USER));
                }
                throw new UsernameNotFoundException("User not found!");
            }
        };
    }
}
FYI, the SSL part is handled by nginx, which only passes the CN header on to Spring Boot. So JHipster and Spring Boot work over plain HTTP, and only the CN header needs to be parsed to get the information from the certificate: nginx's job is to validate the certificate and pass the right information to JHipster.
So when the SSL client certificate's common name is "myuser", I log that user in. Now, how can I keep the normal login mechanism as well?
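The following is an added example and not the asker's code. It shows one way to wire the two authentication paths described in the question so that they do not interfere: a pre-authentication filter consumes a header set by the reverse proxy after it has verified the client certificate, and form login keeps using the application's own database-backed user lookup. It assumes Spring Security 5.x, a hypothetical header name `X-SSL-Client-DN` carrying the certificate subject DN (parsed with the same `CN=(.*?)(?:,|$)` regex the page uses), and that the project exposes a database-backed `UserDetailsService` bean (JHipster's `DomainUserDetailsService`); only the authentication wiring is shown, the page's CSRF and Ajax handler settings would be added unchanged.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;

/**
 * Added example, not the asker's code. Assumptions: Spring Security 5.x; nginx has already
 * verified the client certificate and forwards its subject DN in the hypothetical header
 * X-SSL-Client-DN; the project provides a database-backed UserDetailsService bean.
 */
@Configuration
public class CertificateHeaderSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Hypothetical header name. nginx must set it itself on every proxied request
    // (proxy_set_header replaces whatever the client sent), otherwise a client could forge it.
    private static final String DN_HEADER = "X-SSL-Client-DN";
    // Same CN extraction the page configures via subjectPrincipalRegex.
    private static final Pattern CN = Pattern.compile("CN=(.*?)(?:,|$)");

    private final UserDetailsService domainUserDetailsService;

    public CertificateHeaderSecurityConfiguration(UserDetailsService domainUserDetailsService) {
        this.domainUserDetailsService = domainUserDetailsService;
    }

    /**
     * Maps a verified certificate DN to an account. Deliberately a private helper rather than a
     * UserDetailsService @Bean: a UserDetailsService bean becomes the global one, and form login
     * would then look its users up here, where there is no password to check.
     */
    private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> certificateUserDetailsService() {
        return token -> {
            Matcher m = CN.matcher(String.valueOf(token.getPrincipal()));
            String cn = m.find() ? m.group(1) : "";
            if ("myuser".equalsIgnoreCase(cn)) {
                // The password is never checked on this path; "N/A" only satisfies the non-null constraint.
                return new User("user", "N/A", AuthorityUtils.createAuthorityList("ROLE_USER"));
            }
            throw new UsernameNotFoundException("no account for certificate CN '" + cn + "'");
        };
    }

    private PreAuthenticatedAuthenticationProvider certificateProvider() {
        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
        provider.setPreAuthenticatedUserDetailsService(certificateUserDetailsService());
        return provider;
    }

    private RequestHeaderAuthenticationFilter certificateHeaderFilter() throws Exception {
        RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
        filter.setPrincipalRequestHeader(DN_HEADER);
        // Browser without a certificate -> no header -> skip silently instead of rejecting
        // the request, so it reaches the normal form login.
        filter.setExceptionIfHeaderMissing(false);
        filter.setAuthenticationManager(authenticationManager());
        return filter;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // The pre-auth provider only accepts PreAuthenticatedAuthenticationToken, so form login
        // (UsernamePasswordAuthenticationToken) never reaches the certificate lookup.
        auth.authenticationProvider(certificateProvider());
        auth.userDetailsService(domainUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(certificateHeaderFilter(), UsernamePasswordAuthenticationFilter.class)
            .formLogin()
                .loginProcessingUrl("/api/authentication")
                .permitAll()
                .and()
            .authorizeRequests()
                .antMatchers("/api/**").authenticated();
    }
}
```

The separation comes from two choices: the certificate lookup is an `AuthenticationUserDetailsService` used only by the `PreAuthenticatedAuthenticationProvider`, never a global `UserDetailsService` bean, and the header filter is told not to fail when the header is absent, so a certificate-less browser simply falls through to the password path. The header must be trusted only because the proxy overwrites it on every request; if the application were reachable without going through nginx, the same filter would accept any value a client chose to send.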