如何通过XML配置仅针对特定的URL模式在Spring Security 4中禁用CSRF？

如何通过XML配置仅针对特定的URL模式在Spring Security 4中禁用CSRF？

仅XML更改无法实现。下面为我​​工作

Spring-security.xml中的* 更改 *

<security:http  use-expressions="true" authentication-manager-ref="authenticationManager">    <security:intercept-url pattern="/auth/**" access="hasAnyRole('ROLE_USER')" />    <security:form-login login-page="/login" authentication-success-handler-ref="loginSuccessHandler" authentication-failure-url="/login" login-processing-url="/j_spring_security_check" />    <security:logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutSuccessHandler" />    <security:csrf request-matcher-ref="csrfSecurityRequestMatcher"  /></security:http>

CsrfSecurityRequestMatcher

public class CsrfSecurityRequestMatcher implements RequestMatcher {    private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");    private RegexRequestMatcher unprotectedMatcher = new RegexRequestMatcher("/ext/**", null);    @Override    public boolean matches(HttpServletRequest request) {       if(allowedMethods.matcher(request.getMethod()).matches()){ return false;        }        return !unprotectedMatcher.matches(request);    }}