//白名单uri直接放行

        String requestURI = request.getRequestURI();

        PathMatcher pathMatcher =  new AntPathMatcher();

        boolean needAuthen = false;

        for (String uriPattern : SecurityConfig.AUTH_WHITELIST) {

            boolean match = pathMatcher.match(uriPattern, requestURI);

            if (match) {

                return true;

            }

            continue;

        }

参考文章： https://www.jianshu.com/p/4f9ee6007213