在具有以下安全配置的示例 Spring 项目中：import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;@EnableWebSecuritypublic class SecurityConfig extends WebSecurityConfigurerAdapter {    @Autowired    MySimpleEncoder passwordEncoder;    @Override    protected void configure(AuthenticationManagerBuilder auth) throws Exception {        auth.inMemoryAuthentication()                .passwordEncoder(passwordEncoder)                .withUser("admin").password(passwordEncoder.encode("admino")).roles("USER","ADMIN")                .and()                .withUser("user").password(passwordEncoder.encode("123456")).roles("USER");    }    @Bean    public MySimpleEncoder passwordEncoder() {        return new MySimpleEncoder();    }    @Override    protected void configure(HttpSecurity http) throws Exception {        http.authorizeRequests()                .antMatchers("/**").hasAnyRole("ADMIN", "USER")                .and().httpBasic()                .and().csrf().disable();    }}我注意到您需要这两个依赖项： <dependency>        <groupId>org.springframework.security</groupId>        <artifactId>spring-security-core</artifactId>    </dependency>    <dependency>        <groupId>org.springframework.security</groupId>        <artifactId>spring-security-config</artifactId>    </dependency>还有这个，这是运行时需要的：<dependency>    <groupId>org.springframework.security</groupId>    <artifactId>spring-security-web</artifactId>    <scope>runtime</scope></dependency>为什么最后一个依赖项没有被其他两个依赖项之一自动拉入运行时范围？为什么我们需要显式声明它？我正在使用 Spring 5