我有一個(gè)問(wèn)題……我有這樣的 SecurityConfig.class（這是一個(gè)擴(kuò)展 WebSecurityConfigurerAdapter 的類）：/** * This method define which resources are public and which are secured */@Overrideprotected void configure(HttpSecurity http) throws Exception {    http.cors().and().csrf().disable().authorizeRequests()            .antMatchers(HttpMethod.POST, SecurityConstants.SIGN_UP_URL).permitAll().anyRequest()            .authenticated()            .and().addFilter(new JWTAuthenticationFilter(authenticationManager()))            .addFilter(new JWTAuthorizationFilter(authenticationManager()))         .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);}但我的問(wèn)題是，當(dāng)我嘗試訪問(wèn) SIGN_UP_URL 時(shí)，應(yīng)用程序正在嘗試使用此過(guò)濾器對(duì)用戶進(jìn)行身份驗(yàn)證：@Overrideprotected void doFilterInternal(HttpServletRequest req,                                HttpServletResponse res,                                FilterChain chain) throws IOException, ServletException {    String header = req.getHeader(SecurityConstants.HEADER_STRING);    if (header == null || !header.startsWith(SecurityConstants.TOKEN_PREFIX)) {        chain.doFilter(req, res);        res.sendError(HttpServletResponse.SC_UNAUTHORIZED,"Access Denied");        return;    }    UsernamePasswordAuthenticationToken authentication = getAuthentication(req);    SecurityContextHolder.getContext().setAuthentication(authentication);    chain.doFilter(req, res);}檢查到那時(shí)為空的標(biāo)頭（因?yàn)樵?URL 理論上不需要身份驗(yàn)證或任何令牌）這應(yīng)該不會(huì)發(fā)生，有人可以幫我嗎？當(dāng)我在沒(méi)有身份驗(yàn)證的情況下為所有用戶打開安全性時(shí)，該方法成功執(zhí)行