我想忽略所有带有HttpMethod.GET的 URL，带有 Post、Delete、Put 的 URL 需要进行身份验证。我的网址是"/api/manga","/api/grupos","/api/autor","/genero","/api/pagina","/api/capitulo"

PermitAll 不适用于 JWTFilter，如果删除过滤器，则工作正常。

如何忽略或允许所有网址HttpMethod.GET？需要创建单独的 api 进行身份验证？

网络安全配置

@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity(prePostEnabled = true)

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()

                .antMatchers(HttpMethod.GET, "/api/manga", "/api/grupos", "/api/autor", "/genero", "/api/pagina",

                        "/api/capitulo")

                .permitAll().anyRequest().fullyAuthenticated().and()

                .addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class).httpBasic()

                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf()

                .disable();

    }

    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/favicon.ico", "/", "/index.html", "/registrar", "/autenticar", "/app/**");

    }

}

JWT认证过滤器

public class JWTAuthenticationFilter extends GenericFilterBean {

    private static final String AUTHORIZATION_HEADER = "Authorization";

    private static final String AUTHORITIES_KEY = "roles";

    @Override

    public void doFilter(final ServletRequest req, final ServletResponse res,final FilterChain filterChain)

            throws IOException, ServletException {      

        final HttpServletRequest request = (HttpServletRequest) req;       

        String authReader = request.getHeader(AUTHORIZATION_HEADER);

        if (authReader == null || !authReader.startsWith("Bearer ")) {

            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED, "invalido autorization");

        }