在Spring Boot中排除某些URL的自定义过滤器

我有一个使用OAuth身份验证的Spring Boot应用程序。除了身份验证之外，我还需要授权用户才能访问系统。我创建了一个自定义过滤器来授权用户。我只想在BasicAuthenticationFilter之后才运行此过滤器。如果BasicAuthenticationFilter没有运行，则我的过滤器也不应运行。

AuthorizationFilter.java

@Component
public class AuthorizationFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {

        boolean isValidUser = true;
        // we get the authenticated user from the context
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String id = (authentication == null)? "" : authentication.getName();

        ..
        // code to get the user data from database using 'id' and set isValidUser flag
        ..
        if(isValidUser) {
            filterChain.doFilter(request, response);
        }
        else {
            ...
            // handle UNAUTHORIZED
            ...
        }
    }
}

SecurityConfiguration.java

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(final HttpSecurity security) throws Exception {

        security.requestMatchers()
                .antMatchers("/actuator/health")
                .and()
                .authorizeRequests()
                .antMatchers("/actuator/health").permitAll()
                .and()
                .csrf().disable();

        security.cors();

        // Custom filter to validate if user is authorized and active to access the system
        security.addFilterAfter(new AuthorizationFilter(), BasicAuthenticationFilter.class);
    }
}

问题：

1. 即使我已允许'/ actuator / health'端点，我的自定义过滤器仍会为该端点运行。如何排除我的过滤器在'/ actuator / health'上运行？

2. 完美的解决方案是仅在运行BasicAuthenticationFilter时运行我的过滤器。这可能吗？怎么样？