我有

@Configuration

@EnableWebSecurity

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override

    protected void configure(final HttpSecurity http) throws Exception {

        http

            .csrf().disable()

            .authorizeRequests()

                .antMatchers(HttpMethod.POST, "/api/v1/account/import").permitAll()

                .anyRequest().authenticated()

                .and()

            .addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

    }

我希望所有用户都可以在/api/v1/account/import没有任何 JWT 令牌检查的情况下访问。对于所有其他端点，我希望在 class 中进行 JWT 令牌检查JWTAuthenticationFilter。我尝试了许多不同的场景，但都失败了。我总是得到JWTAuthenticationFilter。JWTAuthenticationFilter如果我去，我不想去/api/v1/account/import。

我的控制器：

@RestController

@RequestMapping(value = "/api/v1/account")

public class AccountController {

    private final AccountService accountService;

    public AccountController(final AccountService accountService) {

        this.accountService = accountService;

    }

    @PostMapping(path = "/import")

    @ResponseStatus(HttpStatus.ACCEPTED)

    public String importAccount(@Valid @RequestBody final ImportAccountDto importAccountDto) {

        return this.accountService.importAccount(importAccountDto);

    }

我的 JWT 过滤器：

public class JWTAuthenticationFilter extends GenericFilterBean {

    @Override

    public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain filterChain) throws IOException, ServletException {

        final HttpServletRequest request = (HttpServletRequest) req;

        final HttpServletResponse response = (HttpServletResponse) res;

        final String token = request.getHeader("Authorization");

        final JJWTService jjwtService = new JJWTService();

        if (token == null || !jjwtService.parseJWTToken(token)) {

            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);

        } else {

            filterChain.doFilter(req, res);

        }

    }