我创建了一个包含以下方法的类JwtAuthenticationFilter:

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    Authentication authentication = null;

    if(hasJsonToken(request)) {
        JwtAuthenticationToken jwtAuthenticationToken = new JwtAuthenticationToken(getJsonToken(request));
        authentication = getAuthenticationManager().authenticate(jwtAuthenticationToken);
    } else {
        throw new AuthenticationCredentialsNotFoundException(AUTHENTICATION_CREDENTIALS_NOT_FOUND_MSG);
    }

    return authentication;
}

@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException authException) throws IOException, ServletException {
response.sendError(HttpStatus.UNAUTHORIZED.value(),HttpStatus.UNAUTHORIZED.getReasonPhrase());
}

@Bean
public RestAuthenticationEntryPoint restAuthenticationEntryPoint() {
    return new RestAuthenticationEntryPoint();
}

protected void configure(HttpSecurity http) throws Exception {
    http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
        .exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint()).and()
        .csrf().disable()
        .authorizeRequests().antMatchers(AUTHORISED_SERVICE_REQUESTS_ANT_MATCHER).authenticated()
        .anyRequest().permitAll();
}

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    ...
}

jwtAuthenticationFilter.setAuthenticationFailureHandler(new JwtAuthenticationFailureHandler());

AuthenticationEntryPoint和AuthenticationFailureHandler之间的区别在于，前者用于“告诉”未经身份验证的用户在何处进行身份验证，例如，通过将他们重定向到登录表单。后者用于处理错误的登录尝试。

您的AuthenticationEntryPoint可能不会被调用，因为您抛出了异常。如果用户尝试访问需要身份验证的端点而您没有抛出任何东西，则将调用该方法。在没有凭据的情况下，无需验证用户就足够了，您无需引发异常。

如果要使用JWT身份验证创建应用程序，则可能不想将用户重定向到任何地方，因此您可以使用org.springframework.security.web.authentication.HttpStatusEntryPoint或类似您的入口点来返回状态码。