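JWT authentication filter not triggered in Spring Security

I have created a JWT authentication filter for my Spring REST backend. Creating the JWT does not seem to be a problem, but with my current setup every request is authenticated: no request triggers a 401, even though the client does not pass any token in the header.

I have set it up so that all requests require authorization. My JwtAuthenticationEntryPoint is as expected: it throws a generic 401 error.


My JwtAuthenticationFilter: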


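```java
import java.io.IOException;
// javax.servlet.* applies to Spring Security 5.x; on 6.x these are jakarta.servlet.*
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
// Logger is assumed to be SLF4J
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {

    @Autowired
    private JwtTokenProvider tokenProvider;

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationFilter.class);

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {

        logger.debug("Filtering request for JWT header verification");

        try {
            String jwt = getJwtFromRequest(request);

            // Only a present and valid token populates the security context
            if (StringUtils.hasText(jwt) && tokenProvider.validateToken(jwt)) {
                String username = tokenProvider.getUserIdFromJWT(jwt);

                UserDetails userDetails = customUserDetailsService.loadUserByUsername(username);
                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
                        userDetails, null, userDetails.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));

                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
        } catch (Exception ex) {
            logger.error("Could not set user authentication in security context", ex);
        }

        // The request continues down the chain whether or not a token was found
        filterChain.doFilter(request, response);
    }

    // Returns the token from an "Authorization: Bearer <token>" header, or null if absent
    private String getJwtFromRequest(HttpServletRequest request) {

        logger.debug("Attempting to get token from request header");

        String bearerToken = request.getHeader("Authorization");
        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
            return bearerToken.substring(7, bearerToken.length());
        }
        return null;
    }
}
```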

慕雪6442864
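
The security configuration is not shown in the question. As an added example (not the poster's code), this is a minimal configuration that wires together the pieces the question names: every request requires authentication, `JwtAuthenticationEntryPoint` answers unauthenticated requests, and `JwtAuthenticationFilter` runs inside the security filter chain. It assumes Spring Security 5.5+ on Spring Boot and that `JwtAuthenticationEntryPoint` is a bean implementing `AuthenticationEntryPoint`; the class name `SecurityConfig` and the bean method names are hypothetical.

```java
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfig { // hypothetical name, not from the question

    @Bean
    public SecurityFilterChain apiSecurity(HttpSecurity http,
                                           JwtAuthenticationFilter jwtFilter,
                                           JwtAuthenticationEntryPoint entryPoint) throws Exception {
        http
            // Token-based API: no server-side session and no CSRF token to check
            .csrf(csrf -> csrf.disable())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Requests that reach authorization without an Authentication get the 401
            .exceptionHandling(e -> e.authenticationEntryPoint(entryPoint))
            // Fail closed: anything not explicitly permitted needs an authenticated user
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            // Run the JWT filter inside the security chain, ahead of form login
            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    // Spring Boot also registers every Filter bean with the servlet container.
    // Disabling that registration keeps the @Component filter in the security chain only.
    @Bean
    public FilterRegistrationBean<JwtAuthenticationFilter> jwtFilterRegistration(
            JwtAuthenticationFilter jwtFilter) {
        FilterRegistrationBean<JwtAuthenticationFilter> registration =
                new FilterRegistrationBean<>(jwtFilter);
        registration.setEnabled(false);
        return registration;
    }
}
```

With a configuration like this loaded, a request without an `Authorization` header leaves the security context empty and is rejected by the entry point rather than reaching the controller.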