我尝试为REST API应用程序启用Spring安全性，但是没有调用我的自定义过滤器。
这是我的配置：

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringConfig {

    @Resource
    public AuthorizationFilter authorizationFilter;
    
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }
    
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Enable CORS and disable CSRF
        http = http.cors().and().csrf().disable();

        // Set session management to stateless
        http = http
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and();

        // Set unauthorized requests exception handler
        http = http
            .exceptionHandling()
            .authenticationEntryPoint(
                (request, response, ex) -> {
                    response.sendError(
                        HttpServletResponse.SC_UNAUTHORIZED,
                        ex.getMessage()
                    );
                }
            )
            .and();

        // Set permissions on endpoints
        http.authorizeRequests()
            // Our private endpoints
            .anyRequest().authenticated();

        // Add JWT token filter
        http.addFilterBefore(
                authorizationFilter,
            UsernamePasswordAuthenticationFilter.class
        );
        return http.build();
    }
}

这是我的自定义过滤器：

@Component
public class AuthorizationFilter extends OncePerRequestFilter {

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_PREFIX = "Bearer ";
    
    @Resource
    private ExternalAuthenticationService externalAuthenticationService;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        final String header = request.getHeader(AUTHORIZATION_HEADER);
        if (header != null && header.startsWith(BEARER_PREFIX)) {
            String token = header.replace(BEARER_PREFIX, "");
            if(StringUtils.isNotBlank(token)) {
                Identity id =externalAuthenticationService.verifyToken(token);
                if(id!=null)
                    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(id, null, Collections.singleton(new SimpleGrantedAuthority(id.getType()))));
            }
        }
        chain.doFilter(request, response);
    }
}

我希望所有的请求都能通过自定义过滤器，但是它不起作用。我错过了什么？Spring-security调试日志没有帮助。