@Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint constraint = new SecurityConstraint();
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                constraint.addCollection(collection);
                context.addConstraint(constraint);
            }
        };

        tomcat.addAdditionalTomcatConnectors(createStandardConnector());
        // 这里是最重要的，加上这个就OK了
        tomcat.addContextCustomizers( context -> {
            RealmBase realmBase = new RealmBase() {
                @Override
                protected String getPassword(String username) {
                    return null;
                }
                @Override
                protected Principal getPrincipal(String username) {
                    return null;
                }
            };
            realmBase.setTransportGuaranteeRedirectStatus(301);
            context.setRealm(realmBase);
        });
        return tomcat;
    }

https://ttcxy.net/blog/61b5bdbde4b09915014efb14